Vulnerability Description
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Documentum Taskspace | <= 6.7 |
| Emc | Documentum Capital Projects | <= 1.8 |
| Emc | Documentum Wdk | <= 6.7 |
| Emc | Documentum Digital Asset Manager | <= 6.5 |
| Emc | Documentum Administrator | <= 6.7 |
| Emc | Documentum Webtop | <= 6.7 |
| Emc | Documentum Web Publisher | <= 6.5 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html
- http://www.kb.cert.org/vuls/id/466876US Government Resource
- http://archives.neohapsis.com/archives/bugtraq/2013-11/0018.html
- http://www.kb.cert.org/vuls/id/466876US Government Resource
FAQ
What is CVE-2013-3281?
CVE-2013-3281 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 ...
How severe is CVE-2013-3281?
CVE-2013-3281 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3281?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Documentum Taskspace, Emc Documentum Capital Projects, Emc Documentum Wdk, Emc Documentum Digital Asset Manager, Emc Documentum Administrator.