Vulnerability Description
Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext parameter to userdashboard.jsp.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opentext | Secure Mft 2013 | <= r3 |
| Opentext | Secure Mft 2014 | <= r2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/133247/OpenText-Secure-MFT-2014-R2-SP4-CrosExploit
- http://www.securityfocus.com/archive/1/536260/100/0/threaded
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-041.tExploit
- http://packetstormsecurity.com/files/133247/OpenText-Secure-MFT-2014-R2-SP4-CrosExploit
- http://www.securityfocus.com/archive/1/536260/100/0/threaded
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-041.tExploit
FAQ
What is CVE-2015-6530?
CVE-2015-6530 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext param...
How severe is CVE-2015-6530?
CVE-2015-6530 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6530?
Check the references section above for vendor advisories and patch information. Affected products include: Opentext Secure Mft 2013, Opentext Secure Mft 2014.