CVE-2018-20165
https://notcve.org/view.php?id=CVE-2018-20165
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI. • https://github.com/hect0rS/Reflected-XSS-on-Opentext-Portal-v7.4.4/blob/master/readme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-7416 – OpenText Documentum Webtop 5.3 SP2 Open Redirect
https://notcve.org/view.php?id=CVE-2019-7416
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. OpenText Documentum Webtop version 5.3.SP2 suffers from an open redirection vulnerability. • http://packetstormsecurity.com/files/151582/OpenText-Documentum-Webtop-5.3-SP2-Open-Redirect.html http://seclists.org/fulldisclosure/2019/Feb/26 https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-7660
https://notcve.org/view.php?id=CVE-2018-7660
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter. • https://vipinxsec.blogspot.com/2018/04/reflected-xss-in-documentum-d2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7659
https://notcve.org/view.php?id=CVE-2018-7659
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file. • https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-14960 – EMC xPression 4.5SP1 Patch 13 - 'model.jobHistoryId' SQL Injection
https://notcve.org/view.php?id=CVE-2017-14960
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection. EMC xPression version 4.5SP1 Patch 13 suffers from a remote SQL injection vulnerability. • https://www.exploit-db.com/exploits/43422 http://seclists.org/fulldisclosure/2018/Jan/6 http://www.securityfocus.com/bid/102419 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')