1 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Livelink ECM versiones de la 9.0.0 a 9.7.0 y posiblemente anteriores, no asigna un conjunto de caracteres, que permite a atacantes remotos inyectar secuencias de comandos web o HTMLa través de entradas codificadas UTF-7. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059985.html http://secunia.com/advisories/28723 http://withdk.com/archives/livelink-utf7-xss-advisory.pdf http://www.securityfocus.com/bid/27537 https://exchange.xforce.ibmcloud.com/vulnerabilities/40123 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •