CVE-2016-8213

23.01.2017, 07:59

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Cross-site Scripting

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
dell	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Vendor	Product	Version
emc	documentum_administrator	7.0
emc	documentum_administrator	7.1
emc	documentum_administrator	7.2
emc	documentum_capital_projects	1.9
emc	documentum_capital_projects	1.10
emc	documentum_taskspace	6.7:sp3
emc	documentum_webtop	6.8
emc	documentum_webtop	6.8.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://www.securityfocus.com/archive/1/540019/30/0/threaded

http://www.securityfocus.com/bid/95625

http://www.securitytracker.com/id/1037626

http://www.securityfocus.com/archive/1/540019/30/0/threaded

http://www.securityfocus.com/bid/95625

http://www.securitytracker.com/id/1037626