1. Home
  2. CVE Database
  3. CVE-2014-2511
MEDIUM · 4.3

CVE-2014-2511

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat...

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality
NONE
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
EmcDigital Assets Manager6.5
EmcDocumentum Administrator6.7
EmcDocumentum Capital Projects1.8
EmcDocumentum Webtop6.7
EmcEngineering Plant Facilities Management Solution For Documentum1.7
EmcRecords Client6.7
EmcTask Space6.7
EmcWeb Publishers6.5

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2014-2511?

CVE-2014-2511 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat...

How severe is CVE-2014-2511?

CVE-2014-2511 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2511?

Check the references section above for vendor advisories and patch information. Affected products include: Emc Digital Assets Manager, Emc Documentum Administrator, Emc Documentum Capital Projects, Emc Documentum Webtop, Emc Engineering Plant Facilities Management Solution For Documentum.