CVE-2013-6175

EMC Document Sciences Xpression - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form.

References (4)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html

[US Government Resource] http://www.kb.cert.org/vuls/id/346982

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1029384

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html

Scores

EPSS 0.0047

EPSS Percentile 64.3%

Details

CWE

CWE-79

Status published

Products (10)

emc/document_sciences_xpression

n/a/n/a

Published Nov 21, 2013

Tracked Since Feb 18, 2026