CVE-2015-4528

Name of the Vulnerable Software and Affected Versions EMC Documentum CenterStage versions 1.2SP1 through 1.2SP2

Description The issue exists due to insufficient protection of the web page structure, allowing for the exploitation of a cross-site scripting (XSS) vulnerability. This could enable a remote attacker to execute arbitrary HTML code. The vulnerability can be exploited by injecting arbitrary web script or HTML via unspecified vectors, but it requires remote authenticated users.

Recommendations For versions 1.2SP1 and 1.2SP2, consider restricting access to the web interface until a patch is available. As a temporary workaround, avoid using the web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.