Vulnerability Details : CVE-2013-6175
Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2013-6175
Probability of exploitation activity in the next 30 days: 0.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6175
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-6175
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6175
-
http://www.kb.cert.org/vuls/id/346982
VU#346982 - EMC Document Sciences xPression contains multiple vulnerabilitiesUS Government Resource
- http://archives.neohapsis.com/archives/bugtraq/2013-11/0095.html
-
http://packetstormsecurity.com/files/124070/EMC-Document-Sciences-xPression-XSS-CSRF-Redirect-SQL-Injection.html
EMC Document Sciences xPression XSS / CSRF / Redirect / SQL Injection ≈ Packet Storm
-
http://www.securitytracker.com/id/1029384
EMC Document Sciences xPression Bugs Let Remote Users Conduct Cross-Site Scripting, Cross-Site Request Forgery, SQL Injection, and Directory Traversal Attacks - SecurityTracker
Products affected by CVE-2013-6175
- cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:documentum:*:*:*
- cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:documentum:*:*:*
- cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:documentum:*:*:*
- cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:publish_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:publish_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:publish_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.1:sp1:-:*:enterprise:-:-:compuset_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.2:-:-:*:enterprise:-:-:compuset_engine
- cpe:2.3:a:emc:document_sciences_xpression:4.5:-:-:*:enterprise:-:-:compuset_engine