CVE-2014-2511

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
emcdigital_assets_manager
6.5
emcdigital_assets_manager
6.5:sp5
emcdigital_assets_manager
6.5:sp6
emcdocumentum_administrator
6.7
emcdocumentum_administrator
6.7:sp1
emcdocumentum_administrator
6.7:sp2
emcdocumentum_administrator
7.0
emcdocumentum_administrator
7.1
emcdocumentum_capital_projects
1.8
emcdocumentum_capital_projects
1.9
emcdocumentum_webtop
6.7
emcdocumentum_webtop
6.7:sp1
emcdocumentum_webtop
6.7:sp2
emcengineering_plant_facilities_management_solution_for_documentum
1.7
emcengineering_plant_facilities_management_solution_for_documentum
1.7:sp1
emcrecords_client
6.7
emcrecords_client
6.7:sp1
emcrecords_client
6.7:sp2
emctask_space
6.7
emctask_space
6.7:sp1
emctask_space
6.7:sp2
emcweb_publishers
6.5
emcweb_publishers
6.5:sp6
emcweb_publishers
6.5:sp7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/60561
http://www.securityfocus.com/archive/1/533160/30/0/threaded
http://www.securityfocus.com/bid/69272
http://www.securitytracker.com/id/1030741
https://exchange.xforce.ibmcloud.com/vulnerabilities/95366
http://secunia.com/advisories/60561
http://www.securityfocus.com/archive/1/533160/30/0/threaded
http://www.securityfocus.com/bid/69272
http://www.securitytracker.com/id/1030741
https://exchange.xforce.ibmcloud.com/vulnerabilities/95366