PT-2018-18190 · Opentext · Opentext Documentum D2 Webtop

Vipin Chaudhary

Published

2018-04-11

Updated

2018-05-16

CVE-2018-7659

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OpenText Documentum D2 Webtop version 4.6.0030 build 059

Description A Stored Cross-Site Scripting issue could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file.

Recommendations For OpenText Documentum D2 Webtop version 4.6.0030 build 059, consider restricting the upload of image files or validating filenames to prevent malicious input until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-7659

Affected Products

Opentext Documentum D2 Webtop

PT-2018-18190 · Opentext · Opentext Documentum D2 Webtop

CVE-2018-7659

Weakness Enumeration

Related Identifiers

Affected Products

References · 3