3.5

CVE-2015-0551

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
EmcDocumentum Administrator Version6.7 Updatesp1
EmcDocumentum Administrator Version6.7 Updatesp2
EmcDocumentum Administrator Version7.0
EmcDocumentum Administrator Version7.1
EmcDocumentum Administrator Version7.2
EmcDocumentum Digital Asset Manager Version6.5 Updatesp6
EmcDocumentum Taskspace Version6.7 Updatesp1
EmcDocumentum Taskspace Version6.7 Updatesp2
EmcDocumentum Web Publisher Version6.5 Updatesp7
EmcDocumentum Webtop Version6.7 Updatesp1
EmcDocumentum Webtop Version6.7 Updatesp2
EmcDocumentum Webtop Version6.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.333
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.