Lucene search

MitreCVE-2008-0769

HistoryFeb 14, 2008 - 12:00 a.m.

CVE-2008-0769

2008-02-1400:00:00

CWE-79

mitre

web.nvd.nist.gov

cve

2008

0769

xss

vulnerability

livelink

ecm

web script

html

utf-7

encoded input

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.

Affected configurations

Nvd

Node

opentextlivelink_ecmMatch9.0

opentextlivelink_ecmMatch9.1

opentextlivelink_ecmMatch9.2

opentextlivelink_ecmMatch9.3

opentextlivelink_ecmMatch9.4

opentextlivelink_ecmMatch9.5

opentextlivelink_ecmMatch9.6

opentextlivelink_ecmMatch9.7

VendorProductVersionCPE
opentextlivelink_ecm9.0cpe:2.3:a:opentext:livelink_ecm:9.0:*:*:*:*:*:*:*
opentextlivelink_ecm9.1cpe:2.3:a:opentext:livelink_ecm:9.1:*:*:*:*:*:*:*
opentextlivelink_ecm9.2cpe:2.3:a:opentext:livelink_ecm:9.2:*:*:*:*:*:*:*
opentextlivelink_ecm9.3cpe:2.3:a:opentext:livelink_ecm:9.3:*:*:*:*:*:*:*
opentextlivelink_ecm9.4cpe:2.3:a:opentext:livelink_ecm:9.4:*:*:*:*:*:*:*
opentextlivelink_ecm9.5cpe:2.3:a:opentext:livelink_ecm:9.5:*:*:*:*:*:*:*
opentextlivelink_ecm9.6cpe:2.3:a:opentext:livelink_ecm:9.6:*:*:*:*:*:*:*
opentextlivelink_ecm9.7cpe:2.3:a:opentext:livelink_ecm:9.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opentext	livelink_ecm	9.0	cpe:2.3:a:opentext:livelink_ecm:9.0:::::::*
opentext	livelink_ecm	9.1	cpe:2.3:a:opentext:livelink_ecm:9.1:::::::*
opentext	livelink_ecm	9.2	cpe:2.3:a:opentext:livelink_ecm:9.2:::::::*
opentext	livelink_ecm	9.3	cpe:2.3:a:opentext:livelink_ecm:9.3:::::::*
opentext	livelink_ecm	9.4	cpe:2.3:a:opentext:livelink_ecm:9.4:::::::*
opentext	livelink_ecm	9.5	cpe:2.3:a:opentext:livelink_ecm:9.5:::::::*
opentext	livelink_ecm	9.6	cpe:2.3:a:opentext:livelink_ecm:9.6:::::::*
opentext	livelink_ecm	9.7	cpe:2.3:a:opentext:livelink_ecm:9.7:::::::*

References

lists.grok.org.uk/pipermail/full-disclosure/2008-January/059985.html

secunia.com/advisories/28723

withdk.com/archives/livelink-utf7-xss-advisory.pdf

www.securityfocus.com/bid/27537

exchange.xforce.ibmcloud.com/vulnerabilities/40123

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.9%

JSON

Related for CVE-2008-0769