CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2010-5282
https://notcve.org/view.php?id=CVE-2010-5282
Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx, and (5) support parameters to livelinkdav/nodes/OOB_DAVWindow.html. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en OpenText ECM (formalmente, Livelink ECM) permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través de los parámetros (1) viewType y (2) sort en una acción de navegación a livelink/livelink; y los parámetros (3) nodeid, (4) setctx, y (5) support a livelinkdav/nodes/OOB_DAVWindows.html. • http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html http://packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt http://secunia.com/advisories/41553 http://www.osvdb.org/68256 http://www.osvdb.org/68257 https://exchange.xforce.ibmcloud.com/vulnerabilities/62056 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2010-5283
https://notcve.org/view.php?id=CVE-2010-5283
Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions. Una vulnerabilidad de falsificación de peticiones en sitios cruzados (CSRF) en Open Text ECM (antiguamente Livelink ECM) v9.7.1 permite a atacantes remotos secuestrar la autenticación de los administradores de las peticiones que cambian los permisos de carpetas y de recursos. • http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0359.html http://packetstormsecurity.org/1009-exploits/opentext-xsrfxss.txt http://secunia.com/advisories/41553 http://www.osvdb.org/68255 https://exchange.xforce.ibmcloud.com/vulnerabilities/62057 • CWE-352: Cross-Site Request Forgery (CSRF) •