5 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. EMC Documentum WebTop Version 6.8 antes de P18 y Version 6.8.1 antes de P06 y EMC Documentum TaskSpace versión 6.7SP3 antes de P02 y EMC Documentum Capital Projects Version 1.9 antes de P30 y versión 1.10 antes de P17 y EMC Documentum Administrator versión 7.0, versión 7.1 y versión 7.2 antes de P18 contiene una vulnerabilidad Stored Cross-Site Scripting que podría ser potencialmente explotable por usuarios maliciosos para comprometer el sistema afectado. • http://www.securityfocus.com/archive/1/540019/30/0/threaded http://www.securityfocus.com/bid/95625 http://www.securitytracker.com/id/1037626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. EMC Documentum WebTop 6.8 en versiones anteriores a Patch 13 y 6.8.1 en versiones anteriores a Patch 02, Documentum Administrator 7.x en versiones anteriores a 7.2 Patch 13, Documentum Capital Projects 1.9 en versiones anteriores a Patch 23 y 1.10 en versiones anteriores a Patch 10 y Documentum TaskSpace 6.7 SP3 permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y ejecutar comandos IAPI/IDQL arbitrarios a través de la interfaz IAPI/IDQL. • http://seclists.org/bugtraq/2016/Jun/92 http://www.securitytracker.com/id/1036153 • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. Múltiples vulnerabilidades de XSS en EMC Documentum WebTop anterior a 6.7 SP1 P28 y 6.7 SP2 anterior a P14 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) startat o (2) entryId. • http://secunia.com/advisories/60561 http://www.securityfocus.com/archive/1/533160/30/0/threaded http://www.securityfocus.com/bid/69272 http://www.securitytracker.com/id/1030741 https://exchange.xforce.ibmcloud.com/vulnerabilities/95366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. Múltiples vulnerabilidades de CSRF en EMC Documentum WDK anterior a 6.7SP1 P28 y 6.7SP2 anterior a P15 permiten a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://secunia.com/advisories/60563 http://www.securityfocus.com/archive/1/533159/30/0/threaded http://www.securityfocus.com/bid/69277 http://www.securitytracker.com/id/1030742 https://exchange.xforce.ibmcloud.com/vulnerabilities/95365 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL. Vulnerabilidad Cross-site scripting (XSS) en EMC Documentum Webtop 6.7 SP2 anterior a P07, Documentum WDK 6.7 SP2 anterior a P07, Documentum TaskSpace anterior a 6.7 SP2 P07, Documentum Records Manager 6.7 SP2 anterior a P07, Documentum Web Publisher anterior a 6.5 SP7, Documentum Digital Asset Manager anterior a 6.5 SP6, Documentum Administrador anterior a 6.7 SP2 P07 y Documentum Capitales Proyects anterior a 1.8 P01 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro diseñado en una URL. • http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html http://www.kb.cert.org/vuls/id/466876 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •