CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7660
https://notcve.org/view.php?id=CVE-2018-7660
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via the servlet/Download _docbase or _username parameter. En OpenText Documentum D2 Webtop v4.6.0030 build 059, una vulnerabilidad Cross-Site Scripting (XSS) reflejado podría ser explotada por usuarios maliciosos para comprometer el sistema afectado mediante los parámetros servlet/Download _docbase o _username. • https://vipinxsec.blogspot.com/2018/04/reflected-xss-in-documentum-d2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-7659
https://notcve.org/view.php?id=CVE-2018-7659
In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file. En OpenText Documentum D2 Webtop v4.6.0030 build 059, una vulnerabilidad Cross-Site Scripting (XSS) persistente podría ser explotada por usuarios maliciosos para comprometer el sistema afectado mediante un nombre de archivo de un archivo de imagen subido. • https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 8%CPEs: 7EXPL: 2CVE-2017-5586 – OpenText Documentum D2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-5586
OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries. OpenText Documentum D2 (anteriormente EMC Documentum D2) 4.x permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con las librerías BeanShell (bsh) y Apache Commons Collections (ACC). OpenText Documentum D2 version 4.x contains vulnerable BeanShell (bsh) and Apache Commons libraries and accepts serialized data from untrusted sources, which leads to remote code execution. • https://www.exploit-db.com/exploits/41366 http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html http://www.securityfocus.com/bid/96216 • CWE-20: Improper Input Validation •