CVE-2014-2511

EPSS 0.3%
Published 20.08.2014 11:17:13
Last modified 12.04.2025 10:46:40
Source security_alert@emc.com
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

Affected products Warnungen 0 Metrics 2 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Digital Assets Manager Version6.5

Emc ≫ Digital Assets Manager Version6.5 Updatesp5

Emc ≫ Digital Assets Manager Version6.5 Updatesp6

Emc ≫ Documentum Administrator Version6.7

Emc ≫ Documentum Administrator Version6.7 Updatesp1

Emc ≫ Documentum Administrator Version6.7 Updatesp2

Emc ≫ Documentum Administrator Version7.0

Emc ≫ Documentum Administrator Version7.1

Emc ≫ Documentum Capital Projects Version1.8

Emc ≫ Documentum Capital Projects Version1.9

Emc ≫ Documentum Webtop Version6.7

Emc ≫ Documentum Webtop Version6.7 Updatesp1

Emc ≫ Documentum Webtop Version6.7 Updatesp2

Emc ≫ Engineering Plant Facilities Management Solution For Documentum Version1.7

Emc ≫ Engineering Plant Facilities Management Solution For Documentum Version1.7 Updatesp1

Emc ≫ Records Client Version6.7

Emc ≫ Records Client Version6.7 Updatesp1

Emc ≫ Records Client Version6.7 Updatesp2

Emc ≫ Task Space Version6.7

Emc ≫ Task Space Version6.7 Updatesp1

Emc ≫ Task Space Version6.7 Updatesp2

Emc ≫ Web Publishers Version6.5

Emc ≫ Web Publishers Version6.5 Updatesp6

Emc ≫ Web Publishers Version6.5 Updatesp7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.498

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/60561

http://www.securityfocus.com/archive/1/533160/30/0/threaded

http://www.securityfocus.com/bid/69272

http://www.securitytracker.com/id/1030741

https://exchange.xforce.ibmcloud.com/vulnerabilities/95366

https://nvd.nist.gov/vuln/detail/CVE-2014-2511

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2511

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2511

EUVD