CVE-2013-3281
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
06/11/2013
Last modified:
11/04/2025
Description
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:emc:documentum_taskspace:*:sp2:*:*:*:*:*:* | 6.7 (including) | |
| cpe:2.3:a:emc:documentum_taskspace:6.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_taskspace:6.7:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_capital_projects:*:*:*:*:*:*:*:* | 1.8 (including) | |
| cpe:2.3:a:emc:documentum_wdk:*:sp2:*:*:*:*:*:* | 6.7 (including) | |
| cpe:2.3:a:emc:documentum_wdk:6.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_wdk:6.7:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_digital_asset_manager:*:sp5:*:*:*:*:*:* | 6.5 (including) | |
| cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp3:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_digital_asset_manager:6.5:sp4:*:*:*:*:*:* | ||
| cpe:2.3:a:emc:documentum_administrator:*:sp2:*:*:*:*:*:* | 6.7 (including) | |
| cpe:2.3:a:emc:documentum_administrator:6.7:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page