CVE-2013-6175
EMC Document Sciences xPression 4.1 SP1-4.5 - Cross-Site Scripting via xAdmin or xDashboard Form
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form.
References (4)
Core 4
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029384
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/346982
Scores
EPSS
0.0047
EPSS Percentile
64.8%
Details
CWE
CWE-79
Status
published
Products (3)
emc/document_sciences_xpression
4.1 sp1 (3 CPE variants)
emc/document_sciences_xpression
4.2 (3 CPE variants)
emc/document_sciences_xpression
4.5 (3 CPE variants)
Published
Nov 21, 2013
Tracked Since
Feb 18, 2026