Reflected Cross-Site Scripting in OpenText Documentum D2 Webtop
CVE-2018-7660

5.4MEDIUM

Key Information:

Vendor
Opentext
Vendor
CVE Published:
11 April 2018

Summary

OpenText Documentum D2 Webtop version 4.6.0030 build 059 contains a reflected cross-site scripting vulnerability that can be exploited by attackers. By manipulating the servlet parameters such as /Download _docbase or _username, a malicious user could execute scripts in the context of the user's session, potentially compromising sensitive information and the integrity of the system. Addressing this vulnerability is essential to safeguard against unauthorized actions and data breaches.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.