CVE-2013-3281

Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html
http://www.kb.cert.org/vuls/id/466876	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:emc:documentum_taskspace::sp2::::::*
	cpe:2.3:a:emc:documentum_taskspace:6.7:::::::*
	cpe:2.3:a:emc:documentum_taskspace:6.7:sp1::::::

Configuration 2 (hide)

cpe:2.3:a:emc:documentum_capital_projects:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:emc:documentum_wdk:6.7:::::::*
	cpe:2.3:a:emc:documentum_wdk:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_wdk::sp2::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp1::::::
	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:::::::*
	cpe:2.3:a:emc:documentum_digital_asset_manager::sp5::::::*
	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4::::::
	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3::::::
	cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp2::::::

Configuration 5 (hide)

OR	cpe:2.3:a:emc:documentum_administrator:6.7:sp1::::::
	cpe:2.3:a:emc:documentum_administrator:6.7:::::::*
	cpe:2.3:a:emc:documentum_administrator::sp2::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:emc:documentum_webtop::sp2::::::*
	cpe:2.3:a:emc:documentum_webtop:6.7:::::::*
	cpe:2.3:a:emc:documentum_webtop:6.7:sp1::::::

Configuration 7 (hide)

OR	cpe:2.3:a:emc:documentum_web_publisher::sp6::::::*
	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp2::::::
	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp3::::::
	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp4::::::
	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp5::::::
	cpe:2.3:a:emc:documentum_web_publisher:6.5:::::::*
	cpe:2.3:a:emc:documentum_web_publisher:6.5:sp1::::::

Information

Published : 2013-11-06 07:55

Updated : 2013-12-19 20:35

NVD link : CVE-2013-3281

Mitre link : CVE-2013-3281

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

emc

documentum_taskspace
documentum_administrator
documentum_digital_asset_manager
documentum_web_publisher
documentum_webtop
documentum_wdk
documentum_capital_projects

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html", "name": "20131105 ESA-2013-070: EMC Documentum Cross Site Scripting Vulnerability.", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.kb.cert.org/vuls/id/466876", "name": "VU#466876", "tags": ["US Government Resource"], "refsource": "CERT-VN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-3281", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2013-11-06T15:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.7"}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_capital_projects:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.8"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.7"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.5"}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:6.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.7"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.7"}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.7:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:emc:documentum_web_publisher:*:sp6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.5"}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_web_publisher:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:emc:documentum_web_publisher:6.5:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2013-12-20T04:35Z"}

4.3 /10