CVE-2015-0551
https://notcve.org/view.php?id=CVE-2015-0551
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en EMC Documentum WebTop 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, y 6.8 anterior a P01; Documentum Administrator 6.7SP1 anterior a P31, 6.7SP2 anterior a P23, 7.0 anterior a P18, 7.1 anterior a P15, y 7.2 anterior a P01; Documentum Digital Assets Manager 6.5SP6 anterior a P25; Documentum Web Publishers 6.5 SP7 anterior a P25; y Documentum Task Space 6.7SP1 anterior a P31 y 6.7SP2 anterior a P23 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de vectores no especificados. • http://seclists.org/bugtraq/2015/Jul/9 http://www.securitytracker.com/id/1032770 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-2511
https://notcve.org/view.php?id=CVE-2014-2511
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. Múltiples vulnerabilidades de XSS en EMC Documentum WebTop anterior a 6.7 SP1 P28 y 6.7 SP2 anterior a P14 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) startat o (2) entryId. • http://secunia.com/advisories/60561 http://www.securityfocus.com/archive/1/533160/30/0/threaded http://www.securityfocus.com/bid/69272 http://www.securitytracker.com/id/1030741 https://exchange.xforce.ibmcloud.com/vulnerabilities/95366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-2518
https://notcve.org/view.php?id=CVE-2014-2518
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. Múltiples vulnerabilidades de CSRF en EMC Documentum WDK anterior a 6.7SP1 P28 y 6.7SP2 anterior a P15 permiten a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://secunia.com/advisories/60563 http://www.securityfocus.com/archive/1/533159/30/0/threaded http://www.securityfocus.com/bid/69277 http://www.securitytracker.com/id/1030742 https://exchange.xforce.ibmcloud.com/vulnerabilities/95365 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-3281
https://notcve.org/view.php?id=CVE-2013-3281
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL. Vulnerabilidad Cross-site scripting (XSS) en EMC Documentum Webtop 6.7 SP2 anterior a P07, Documentum WDK 6.7 SP2 anterior a P07, Documentum TaskSpace anterior a 6.7 SP2 P07, Documentum Records Manager 6.7 SP2 anterior a P07, Documentum Web Publisher anterior a 6.5 SP7, Documentum Digital Asset Manager anterior a 6.5 SP6, Documentum Administrador anterior a 6.7 SP2 P07 y Documentum Capitales Proyects anterior a 1.8 P01 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro diseñado en una URL. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html http://www.kb.cert.org/vuls/id/466876 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0939
https://notcve.org/view.php?id=CVE-2013-0939
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting" issue. EMC Documentum Webtop anterior a v6.7 SP2, Documentum WDK anterior a v6.7 SP2, Documentum Taskspace anterior a v6.7 SP2, y Documentum Records Manager anterior a v6.7 SP2 permite a atacantes remotos obtener información sensible a traves de vectores que comprenden frames "cross-origin", relacionado con un problema "Cross Frame Scripting". • http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html • CWE-20: Improper Input Validation •