CVE-2008-0769

Name of the Vulnerable Software and Affected Versions Livelink ECM versions 9.0.0 through 9.7.0

Description A cross-site scripting issue exists due to the lack of charset setting, allowing remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.

Recommendations For versions 9.0.0 through 9.7.0, consider setting the charset properly to prevent UTF-7 encoded input from being executed as script. As a temporary workaround, restrict user input to prevent the injection of malicious scripts until a proper fix is applied.