cvelistv5 - CVE-2016-8213

CVE-2016-8213 (GCVE-0-2016-8213)

Vulnerability from cvelistv5 – Published: 2017-01-23 06:49 – Updated: 2024-08-06 02:13

Summary

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Severity ?

No CVSS data available.

CWE

Stored Cross-Site Scripting

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/archive/1/540019/30/…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95625	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1037626	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	EMC Documentum Webtop and Clients	Affected: EMC Documentum Webtop and Clients

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:21.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
          },
          {
            "name": "95625",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95625"
          },
          {
            "name": "1037626",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037626"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC Documentum Webtop and Clients",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC Documentum Webtop and Clients"
            }
          ]
        }
      ],
      "datePublic": "2017-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stored Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-10T21:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
        },
        {
          "name": "95625",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95625"
        },
        {
          "name": "1037626",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037626"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-8213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC Documentum Webtop and Clients",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC Documentum Webtop and Clients"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stored Cross-Site Scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/archive/1/540019/30/0/threaded",
              "refsource": "CONFIRM",
              "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
            },
            {
              "name": "95625",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95625"
            },
            {
              "name": "1037626",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037626"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-8213",
    "datePublished": "2017-01-23T06:49:00",
    "dateReserved": "2016-09-13T00:00:00",
    "dateUpdated": "2024-08-06T02:13:21.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34D56991-BEA6-4160-9E5C-4B7034DB1FD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E97C5C13-EBDB-4906-8875-1D8D70C68206\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5E065EF-D76B-40D3-BEC1-D846654C6590\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B0AED45-805C-4AE2-A12C-11F8710A7F06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2105B120-08F1-4493-8EDD-6DD8492A6D0A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_taskspace:6.7:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"15EF2D73-E10A-469A-A8F4-9F4A2AE07C54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"261FA013-FE18-4B09-A52B-909E2BB06891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3A7E70A-8E7F-44F7-B6D2-4AE4B61D6D1E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.\"}, {\"lang\": \"es\", \"value\": \"EMC Documentum WebTop Version 6.8 antes de P18 y Version 6.8.1 antes de P06 y EMC Documentum TaskSpace versi\\u00f3n 6.7SP3 antes de P02 y EMC Documentum Capital Projects Version 1.9 antes de P30 y versi\\u00f3n 1.10 antes de P17 y EMC Documentum Administrator versi\\u00f3n 7.0, versi\\u00f3n 7.1 y versi\\u00f3n 7.2 antes de P18 contiene una vulnerabilidad Stored Cross-Site Scripting que podr\\u00eda ser potencialmente explotable por usuarios maliciosos para comprometer el sistema afectado.\"}]",
      "id": "CVE-2016-8213",
      "lastModified": "2024-11-21T02:58:59.943",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-01-23T07:59:00.440",
      "references": "[{\"url\": \"http://www.securityfocus.com/archive/1/540019/30/0/threaded\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/95625\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.securitytracker.com/id/1037626\", \"source\": \"security_alert@emc.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/540019/30/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/95625\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037626\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8213\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2017-01-23T07:59:00.440\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.\"},{\"lang\":\"es\",\"value\":\"EMC Documentum WebTop Version 6.8 antes de P18 y Version 6.8.1 antes de P06 y EMC Documentum TaskSpace versi\u00f3n 6.7SP3 antes de P02 y EMC Documentum Capital Projects Version 1.9 antes de P30 y versi\u00f3n 1.10 antes de P17 y EMC Documentum Administrator versi\u00f3n 7.0, versi\u00f3n 7.1 y versi\u00f3n 7.2 antes de P18 contiene una vulnerabilidad Stored Cross-Site Scripting que podr\u00eda ser potencialmente explotable por usuarios maliciosos para comprometer el sistema afectado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34D56991-BEA6-4160-9E5C-4B7034DB1FD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E97C5C13-EBDB-4906-8875-1D8D70C68206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5E065EF-D76B-40D3-BEC1-D846654C6590\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B0AED45-805C-4AE2-A12C-11F8710A7F06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2105B120-08F1-4493-8EDD-6DD8492A6D0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_taskspace:6.7:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"15EF2D73-E10A-469A-A8F4-9F4A2AE07C54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"261FA013-FE18-4B09-A52B-909E2BB06891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3A7E70A-8E7F-44F7-B6D2-4AE4B61D6D1E\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/archive/1/540019/30/0/threaded\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/95625\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securitytracker.com/id/1037626\",\"source\":\"security_alert@emc.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/540019/30/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/95625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2017-00983

Vulnerability from cnvd - Published: 2017-02-06

Title

多款EMC产品HTML注入漏洞

Description

EMC Documentum WebTop等都是美国易安信（EMC）公司的产品。EMC Documentum WebTop是一套允许用户在标准浏览器应用中访问Documentum存储库和内容管理服务的产品。Documentum Administrator是一套基于Web用来执行Documentum系统管理任务的开发工具。多款EMC产品存在HTML注入漏洞。由于程序未能充分验证用户输入。攻击者可利用特制的HTML或JavaScript代码在受影响的网站中运行，窃取基于cookie的认证证书，控制网站呈现给用户的内容。

Severity

中

Patch Name

多款EMC产品HTML注入漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.emc.com/zh-cn/index.htm

Reference

http://www.securityfocus.com/bid/95625 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8213

Impacted products

Name
['EMC Documentum Administrator 7.2', 'EMC Documentum Administrator 7.0', 'EMC Documentum Administrator 7.1', 'EMC Documentum Capital Projects 1.9', 'EMC Documentum Capital Projects 1.10', 'EMC Documentum Taskspace 6.7 SP3', 'EMC Documentum Webtop 6.8.1', 'EMC Documentum Webtop 6.8']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95625"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8213",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8213"
    }
  },
  "description": "EMC Documentum WebTop\u7b49\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC Documentum WebTop\u662f\u4e00\u5957\u5141\u8bb8\u7528\u6237\u5728\u6807\u51c6\u6d4f\u89c8\u5668\u5e94\u7528\u4e2d\u8bbf\u95eeDocumentum\u5b58\u50a8\u5e93\u548c\u5185\u5bb9\u7ba1\u7406\u670d\u52a1\u7684\u4ea7\u54c1\u3002Documentum Administrator\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7528\u6765\u6267\u884cDocumentum\u7cfb\u7edf\u7ba1\u7406\u4efb\u52a1\u7684\u5f00\u53d1\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684HTML\u6216JavaScript\u4ee3\u7801\u5728\u53d7\u5f71\u54cd\u7684\u7f51\u7ad9\u4e2d\u8fd0\u884c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8ba4\u8bc1\u8bc1\u4e66\uff0c\u63a7\u5236\u7f51\u7ad9\u5448\u73b0\u7ed9\u7528\u6237\u7684\u5185\u5bb9\u3002",
  "discovererName": "EMC",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.emc.com/zh-cn/index.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00983",
  "openTime": "2017-02-06",
  "patchDescription": "EMC Documentum WebTop\u7b49\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC Documentum WebTop\u662f\u4e00\u5957\u5141\u8bb8\u7528\u6237\u5728\u6807\u51c6\u6d4f\u89c8\u5668\u5e94\u7528\u4e2d\u8bbf\u95eeDocumentum\u5b58\u50a8\u5e93\u548c\u5185\u5bb9\u7ba1\u7406\u670d\u52a1\u7684\u4ea7\u54c1\u3002Documentum Administrator\u662f\u4e00\u5957\u57fa\u4e8eWeb\u7528\u6765\u6267\u884cDocumentum\u7cfb\u7edf\u7ba1\u7406\u4efb\u52a1\u7684\u5f00\u53d1\u5de5\u5177\u3002\r\n\r\n\u591a\u6b3eEMC\u4ea7\u54c1\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\u3002\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u7279\u5236\u7684HTML\u6216JavaScript\u4ee3\u7801\u5728\u53d7\u5f71\u54cd\u7684\u7f51\u7ad9\u4e2d\u8fd0\u884c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u7684\u8ba4\u8bc1\u8bc1\u4e66\uff0c\u63a7\u5236\u7f51\u7ad9\u5448\u73b0\u7ed9\u7528\u6237\u7684\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eEMC\u4ea7\u54c1HTML\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC Documentum Administrator 7.2",
      "EMC Documentum Administrator 7.0",
      "EMC Documentum Administrator 7.1",
      "EMC Documentum Capital Projects 1.9",
      "EMC Documentum Capital Projects 1.10",
      "EMC Documentum Taskspace 6.7 SP3",
      "EMC Documentum Webtop 6.8.1",
      "EMC Documentum Webtop  6.8"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95625\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8213",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-20",
  "title": "\u591a\u6b3eEMC\u4ea7\u54c1HTML\u6ce8\u5165\u6f0f\u6d1e"
}

FKIE_CVE-2016-8213

Vulnerability from fkie_nvd - Published: 2017-01-23 07:59 - Updated: 2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.securityfocus.com/archive/1/540019/30/0/threaded	Third Party Advisory, VDB Entry
security_alert@emc.com	http://www.securityfocus.com/bid/95625
security_alert@emc.com	http://www.securitytracker.com/id/1037626
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/540019/30/0/threaded	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95625
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037626

Impacted products

Vendor	Product	Version
emc	documentum_administrator	7.0
emc	documentum_administrator	7.1
emc	documentum_administrator	7.2
emc	documentum_capital_projects	1.9
emc	documentum_capital_projects	1.10
emc	documentum_taskspace	6.7
emc	documentum_webtop	6.8
emc	documentum_webtop	6.8.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "34D56991-BEA6-4160-9E5C-4B7034DB1FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E97C5C13-EBDB-4906-8875-1D8D70C68206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E065EF-D76B-40D3-BEC1-D846654C6590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B0AED45-805C-4AE2-A12C-11F8710A7F06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2105B120-08F1-4493-8EDD-6DD8492A6D0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "15EF2D73-E10A-469A-A8F4-9F4A2AE07C54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "261FA013-FE18-4B09-A52B-909E2BB06891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A7E70A-8E7F-44F7-B6D2-4AE4B61D6D1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
    },
    {
      "lang": "es",
      "value": "EMC Documentum WebTop Version 6.8 antes de P18 y Version 6.8.1 antes de P06 y EMC Documentum TaskSpace versi\u00f3n 6.7SP3 antes de P02 y EMC Documentum Capital Projects Version 1.9 antes de P30 y versi\u00f3n 1.10 antes de P17 y EMC Documentum Administrator versi\u00f3n 7.0, versi\u00f3n 7.1 y versi\u00f3n 7.2 antes de P18 contiene una vulnerabilidad Stored Cross-Site Scripting que podr\u00eda ser potencialmente explotable por usuarios maliciosos para comprometer el sistema afectado."
    }
  ],
  "id": "CVE-2016-8213",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-23T07:59:00.440",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/95625"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securitytracker.com/id/1037626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/95625"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037626"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MQ94-7MM8-M4XR

Vulnerability from github – Published: 2022-05-17 03:00 – Updated: 2022-05-17 03:00

Details

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-23T07:59:00Z",
    "severity": "MODERATE"
  },
  "details": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.",
  "id": "GHSA-mq94-7mm8-m4xr",
  "modified": "2022-05-17T03:00:39Z",
  "published": "2022-05-17T03:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8213"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95625"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037626"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-8213

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-8213

Aliases

CVE-2016-8213

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8213",
    "description": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.",
    "id": "GSD-2016-8213"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8213"
      ],
      "details": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.",
      "id": "GSD-2016-8213",
      "modified": "2023-12-13T01:21:22.511626Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security_alert@emc.com",
        "ID": "CVE-2016-8213",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "EMC Documentum Webtop and Clients",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "EMC Documentum Webtop and Clients"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Stored Cross-Site Scripting"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.securityfocus.com/archive/1/540019/30/0/threaded",
            "refsource": "CONFIRM",
            "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
          },
          {
            "name": "95625",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95625"
          },
          {
            "name": "1037626",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037626"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_taskspace:6.7:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2016-8213"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.securityfocus.com/archive/1/540019/30/0/threaded",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/archive/1/540019/30/0/threaded"
            },
            {
              "name": "95625",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/95625"
            },
            {
              "name": "1037626",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037626"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-02-11T02:59Z",
      "publishedDate": "2017-01-23T07:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8213 (GCVE-0-2016-8213)

CNVD-2017-00983

FKIE_CVE-2016-8213

GHSA-MQ94-7MM8-M4XR

GSD-2016-8213

Tags

Sightings

Nomenclature