CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-2766
https://notcve.org/view.php?id=CVE-2017-2766
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC Documentum eRoom versión 7.4.4, EMC Documentum eRoom versión 7.4.4 SP1, EMC Documentum eRoom versión anterior a 7.4.5 P04, EMC Documentum eRoom versión anterior a 7.5.0 P01 incluye una vulnerabilidad no verificada de cambio de contraseña que podría ser explotada por usuarios malintencionados para comprometer el sistema afectado. • http://www.securityfocus.com/archive/1/540077/30/0/threaded http://www.securityfocus.com/bid/95893 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 1CVE-2014-2512 – EMC Documentum eRoom Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-2512
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en EMC Documentum eRoom 7.4.3, 7.4.4 anterior a P19, y 7.4.4 SP1 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. EMC Documentum eRoom versions 7.4.3, 7.4.4, and 7.4.4 SP1 suffer from a stored cross site scripting vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0176.html http://packetstormsecurity.com/files/127309/EMC-Documentum-eRoom-Cross-Site-Scripting.html http://packetstormsecurity.com/files/127321/EMC-Documentum-eRoom-Stored-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jul/0 http://secunia.com/advisories/59419 http://www.securityfocus.com/archive/1/532608/100/0/threaded http://www.securitytracker.com/id/1030493 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2013-3286
https://notcve.org/view.php?id=CVE-2013-3286
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. Múltiples vulnerabilidades de cross-site scripting (XSS) en EMC Documentum eRoom anterior a 7.4.4 P11 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una URL manipulada. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •