Page 29 of 145 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenText ECM (formalmente, Livelink ECM) permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de los parámetros (1) viewType y (2) sort en una acción de navegación a livelink/livelink; y los parámetros (3) nodeid, (4) setctx, y (5) support a livelinkdav/nodes/OOB_DAVWindows.html. • http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html http://packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt http://secunia.com/advisories/41553 http://www.osvdb.org/68256 http://www.osvdb.org/68257 https://exchange.xforce.ibmcloud.com/vulnerabilities/62056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en Open Text ECM (antiguamente Livelink ECM) v9.7.1 permite a atacantes remotos secuestrar la autenticación de los administradores de las peticiones que cambian los permisos de carpetas y de recursos. • http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html http://packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt http://secunia.com/advisories/41553 http://www.osvdb.org/68255 https://exchange.xforce.ibmcloud.com/vulnerabilities/62057 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Livelink ECM versiones de la 9.0.0 a 9.7.0 y posiblemente anteriores, no asigna un conjunto de caracteres, que permite a atacantes remotos inyectar secuencias de comandos web o HTMLa través de entradas codificadas UTF-7. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059985.html http://secunia.com/advisories/28723 http://withdk.com/archives/livelink-utf7-xss-advisory.pdf http://www.securityfocus.com/bid/27537 https://exchange.xforce.ibmcloud.com/vulnerabilities/40123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 8%CPEs: 2EXPL: 2

The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search. • https://www.exploit-db.com/exploits/687 http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0321.html http://secunia.com/advisories/13415 http://securitytracker.com/id?1012478 http://www.osvdb.org/12350 http://www.securityfocus.com/bid/11877 https://exchange.xforce.ibmcloud.com/vulnerabilities/18424 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages. FirstClass Desktop Client 7.1 permite a atacantes remotos ejecutar instrucciones arbitrarias mediante hiperenlaces en mensajes FirstClass RTF. • http://marc.info/?l=bugtraq&m=107340950611167&w=2 http://secunia.com/advisories/10556 http://www.osvdb.org/3442 http://www.securityfocus.com/bid/9370 http://www.securitytracker.com/id?1008609 https://exchange.xforce.ibmcloud.com/vulnerabilities/14151 •