CVE-2013-3281
EMC Documentum Webtop < 6.7 SP2 P07 - Cross-Site Scripting via URL Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
References (2)
Core 2
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/466876
Scores
EPSS
0.0059
EPSS Percentile
69.4%
Details
CWE
CWE-79
Status
published
Products (13)
emc/documentum_administrator
6.7 (2 CPE variants)
emc/documentum_administrator
< 6.7
emc/documentum_capital_projects
< 1.8
emc/documentum_digital_asset_manager
6.5 (5 CPE variants)
emc/documentum_digital_asset_manager
< 6.5
emc/documentum_taskspace
6.7 (2 CPE variants)
emc/documentum_taskspace
< 6.7
emc/documentum_wdk
6.7 (2 CPE variants)
emc/documentum_wdk
< 6.7
emc/documentum_web_publisher
6.5 (6 CPE variants)
... and 3 more
Published
Nov 06, 2013
Tracked Since
Feb 18, 2026