CVE-2010-5282
https://notcve.org/view.php?id=CVE-2010-5282
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html.
• References:
  http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html
  http://packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt
  http://secunia.com/advisories/41553
  http://www.osvdb.org/68256
  http://www.osvdb.org/68257
  https://exchange.xforce.ibmcloud.com/vulnerabilities/62056
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-5283
https://notcve.org/view.php?id=CVE-2010-5283
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.
• References:
  http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html
  http://packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt
  http://secunia.com/advisories/41553
  http://www.osvdb.org/68255
  https://exchange.xforce.ibmcloud.com/vulnerabilities/62057
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2008-0769
https://notcve.org/view.php?id=CVE-2008-0769
Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.
• References:
  http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059985.html
  http://secunia.com/advisories/28723
  http://withdk.com/archives/livelink-utf7-xss-advisory.pdf
  http://www.securityfocus.com/bid/27537
  https://exchange.xforce.ibmcloud.com/vulnerabilities/40123
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')