Reflected Cross-Site Scripting in OpenText Documentum D2 Webtop
CVE-2018-7660
5.4MEDIUM
Summary
OpenText Documentum D2 Webtop version 4.6.0030 build 059 contains a reflected cross-site scripting vulnerability that can be exploited by attackers. By manipulating the servlet parameters such as /Download _docbase or _username, a malicious user could execute scripts in the context of the user's session, potentially compromising sensitive information and the integrity of the system. Addressing this vulnerability is essential to safeguard against unauthorized actions and data breaches.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved