CVE-2013-3281

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
emcdocumentum_taskspace
𝑥
≤ 6.7
emcdocumentum_taskspace
6.7
emcdocumentum_taskspace
6.7:sp1
emcdocumentum_capital_projects
𝑥
≤ 1.8
emcdocumentum_wdk
𝑥
≤ 6.7
emcdocumentum_wdk
6.7
emcdocumentum_wdk
6.7:sp1
emcdocumentum_digital_asset_manager
𝑥
≤ 6.5
emcdocumentum_digital_asset_manager
6.5
emcdocumentum_digital_asset_manager
6.5:sp1
emcdocumentum_digital_asset_manager
6.5:sp2
emcdocumentum_digital_asset_manager
6.5:sp3
emcdocumentum_digital_asset_manager
6.5:sp4
emcdocumentum_administrator
𝑥
≤ 6.7
emcdocumentum_administrator
6.7
emcdocumentum_administrator
6.7:sp1
emcdocumentum_webtop
𝑥
≤ 6.7
emcdocumentum_webtop
6.7
emcdocumentum_webtop
6.7:sp1
emcdocumentum_web_publisher
𝑥
≤ 6.5
emcdocumentum_web_publisher
6.5
emcdocumentum_web_publisher
6.5:sp1
emcdocumentum_web_publisher
6.5:sp2
emcdocumentum_web_publisher
6.5:sp3
emcdocumentum_web_publisher
6.5:sp4
emcdocumentum_web_publisher
6.5:sp5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html
http://www.kb.cert.org/vuls/id/466876
http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html
http://www.kb.cert.org/vuls/id/466876