Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00329
Percentile: 0.55261

CVSS Scoring

Mapped CWE(s)

• CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:opentext:livelink_ecm:9.0:*:*:*:*:*:*:*
• cpe:2.3:a:opentext:livelink_ecm:9.1:*:*:*:*:*:*:*
• cpe:2.3:a:opentext:livelink_ecm:9.2:*:*:*:*:*:*:*
• cpe:2.3:a:opentext:livelink_ecm:9.3:*:*:*:*:*:*:*
• cpe:2.3:a:opentext:livelink_ecm:9.4:*:*:*:*:*:*:*
• cpe:2.3:a:opentext:livelink_ecm:9.5:*:*:*:*:*:*:*
• cpe:2.3:a:opentext:livelink_ecm:9.6:*:*:*:*:*:*:*
• cpe:2.3:a:opentext:livelink_ecm:9.7:*:*:*:*:*:*:*

← Back to Home