CVE-2010-5282

Name of the Vulnerable Software and Affected Versions OpenText ECM (formerly Livelink ECM) version 9.7.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the viewType and sort parameters in a browse action to "livelink/livelink", and the nodeid, setctx, and support parameters to "livelinkdav/nodes/OOB DAVWindow.html".

Recommendations For OpenText ECM (formerly Livelink ECM) version 9.7.1, consider restricting access to the vulnerable parameters viewType, sort, nodeid, setctx, and support until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints.