CVE-2013-3281

Name of the Vulnerable Software and Affected Versions EMC Documentum Webtop versions prior to 6.7 SP2 P07 EMC Documentum WDK versions prior to 6.7 SP2 P07 EMC Documentum Taskspace versions prior to 6.7 SP2 P07 EMC Documentum Records Manager versions prior to 6.7 SP2 P07 EMC Documentum Web Publisher versions prior to 6.5 SP7 EMC Documentum Digital Asset Manager versions prior to 6.5 SP6 EMC Documentum Administrator versions prior to 6.7 SP2 P07 EMC Documentum Capital Projects versions prior to 1.8 P01

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL. This can be exploited by sending a malicious URL with a crafted parameter to inject web script or HTML.

Recommendations For EMC Documentum Webtop versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum WDK versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum Taskspace versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum Records Manager versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum Web Publisher versions prior to 6.5 SP7, update to version 6.5 SP7 or later. For EMC Documentum Digital Asset Manager versions prior to 6.5 SP6, update to version 6.5 SP6 or later. For EMC Documentum Administrator versions prior to 6.7 SP2 P07, update to version 6.7 SP2 P07 or later. For EMC Documentum Capital Projects versions prior to 1.8 P01, update to version 1.8 P01 or later.