VYPR

ECM

by OpenText

CVEs (5)

  • CVE-2023-47261 (Dec 14, 2023)
    risk 0.00 cvss epss 0.02

    Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled.

  • CVE-2021-41391 (Sep 17, 2021)
    risk 0.00 cvss epss 0.01

    In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.

  • CVE-2021-41390 (Sep 17, 2021)
    risk 0.00 cvss epss 0.01

    In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.

  • CVE-2010-5283 (Nov 26, 2012)
    risk 0.00 cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in OpenText ECM (formerly Livelink ECM) 9.7.1 allows remote attackers to hijack the authentication of administrators for requests that change folder and resource permissions.

  • CVE-2010-5282 (Nov 26, 2012)
    risk 0.00 cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (3) nodeid, (4) setctx,…