Vulnerability Note VU#466876
EMC Documentum Product Suite version 6.7 contains a DOM based cross-site scripting vulnerability
EMC Documentum Product Suite version 6.7 and possibly earlier versions contain a DOM based cross-site scripting vulnerability (CWE-79).
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
EMC Documentum Product Suite version 6.7 and possibly earlier versions contain a DOM based cross-site scripting vulnerability. An attacker can inject arbitrary script via the vulnerable query string parameter __dmfUrl.
An unauthenticated remote attacker may be able to execute arbitrary script in the context of the end-user's browser session.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|EMC Corporation||Affected||15 Aug 2013||30 Oct 2013|
CVSS Metrics (Learn More)
Thanks to Tudor Enache of Help AG Middle East for reporting this vulnerability.
This document was written by Adam Rauf.
- CVE IDs: CVE-2013-3281
- Date Public: 05 Nov 2013
- Date First Published: 14 Nov 2013
- Date Last Updated: 14 Nov 2013
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.