CVE Vulnerability

CVE-2008-0769

Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059985.html
http://withdk.com/archives/livelink-utf7-xss-advisory.pdf
http://www.securityfocus.com/bid/27537
http://secunia.com/advisories/28723
https://exchange.xforce.ibmcloud.com/vulnerabilities/40123
Configurations

Configuration 1

cpe:2.3:a:opentext:livelink_ecm:9.3:*:*:*:*:*:*:*
cpe:2.3:a:opentext:livelink_ecm:9.2:*:*:*:*:*:*:*
cpe:2.3:a:opentext:livelink_ecm:9.5:*:*:*:*:*:*:*
cpe:2.3:a:opentext:livelink_ecm:9.0:*:*:*:*:*:*:*
cpe:2.3:a:opentext:livelink_ecm:9.7:*:*:*:*:*:*:*
cpe:2.3:a:opentext:livelink_ecm:9.4:*:*:*:*:*:*:*
cpe:2.3:a:opentext:livelink_ecm:9.6:*:*:*:*:*:*:*
cpe:2.3:a:opentext:livelink_ecm:9.1:*:*:*:*:*:*:*
Information

Published : 2008-02-14 12:00

Updated : 2017-08-08 01:29

NVD link : CVE-2008-0769

Mitre link : CVE-2008-0769

Products Affected
No products.
CWE
CWE-116

Improper Encoding or Escaping of Output