CVE-2013-3281: XSS
First published: Wed Nov 06 2013(Updated: )
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| EMC Documentum TaskSpace | <=6.7 | |
| EMC Documentum TaskSpace | =6.7 | |
| EMC Documentum TaskSpace | =6.7-sp1 | |
| EMC Documentum Capital Projects | <=1.8 | |
| EMC Documentum WDK | <=6.7 | |
| EMC Documentum WDK | =6.7 | |
| EMC Documentum WDK | =6.7-sp1 | |
| EMC Digital Assets Manager | <=6.5 | |
| EMC Digital Assets Manager | =6.5 | |
| EMC Digital Assets Manager | =6.5-sp1 | |
| EMC Digital Assets Manager | =6.5-sp2 | |
| EMC Digital Assets Manager | =6.5-sp3 | |
| EMC Digital Assets Manager | =6.5-sp4 | |
| EMC Documentum Administrator | <=6.7 | |
| EMC Documentum Administrator | =6.7 | |
| EMC Documentum Administrator | =6.7-sp1 | |
| EMC Documentum Webtop | <=6.7 | |
| EMC Documentum Webtop | =6.7 | |
| EMC Documentum Webtop | =6.7-sp1 | |
| Emc Web Publishers | <=6.5 | |
| Emc Web Publishers | =6.5 | |
| Emc Web Publishers | =6.5-sp1 | |
| Emc Web Publishers | =6.5-sp2 | |
| Emc Web Publishers | =6.5-sp3 | |
| Emc Web Publishers | =6.5-sp4 | |
| Emc Web Publishers | =6.5-sp5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3281?
CVE-2013-3281 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2013-3281?
To fix CVE-2013-3281, upgrade to the latest supported versions of the affected software such as Documentum Webtop 6.7 SP2 P07 or later.
Which versions are affected by CVE-2013-3281?
CVE-2013-3281 affects versions of Documentum Webtop, WDK, Taskspace, and other related software prior to their respective SP2 updates.
What type of vulnerability is CVE-2013-3281?
CVE-2013-3281 is a cross-site scripting (XSS) vulnerability which can allow attackers to execute arbitrary scripts in the context of a user's browser.
Is CVE-2013-3281 being exploited in the wild?
At the time of reporting, there was no public information confirming active exploitation of CVE-2013-3281 in the wild.
- agent/references
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/description
- vendor/emc
- canonical/emc documentum taskspace
- version/emc documentum taskspace/6.7
- version/emc documentum taskspace/6.7-sp1
- canonical/emc documentum capital projects
- version/emc documentum capital projects/1.8
- canonical/emc documentum wdk
- version/emc documentum wdk/6.7
- version/emc documentum wdk/6.7-sp1
- canonical/emc digital assets manager
- version/emc digital assets manager/6.5
- version/emc digital assets manager/6.5-sp1
- version/emc digital assets manager/6.5-sp2
- version/emc digital assets manager/6.5-sp3
- version/emc digital assets manager/6.5-sp4
- canonical/emc documentum administrator
- version/emc documentum administrator/6.7
- version/emc documentum administrator/6.7-sp1
- canonical/emc documentum webtop
- version/emc documentum webtop/6.7
- version/emc documentum webtop/6.7-sp1
- canonical/emc web publishers
- version/emc web publishers/6.5
- version/emc web publishers/6.5-sp1
- version/emc web publishers/6.5-sp2
- version/emc web publishers/6.5-sp3
- version/emc web publishers/6.5-sp4
- version/emc web publishers/6.5-sp5