Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019020090

Below is a copy:

OpenText Documentum Webtop 5.3 SP2 Open Redirect
<!--
# Exploit Title: Client Side URL Redirect (OTG-CLIENT-004) in OpenText
Documentum Webtop 5.3 SP2
# Date: 17-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Software Link:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Version: OpenText Documentum Webtop 5.3 SP2
# Tested on: all
# CVE : CVE-2019-7416
# Category: webapps

1. Description

XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop
5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is
vulnerable.

Client Side URL Redirect (OTG-CLIENT-004) and/or Cross Site Scripting
exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in
"/webtop/help/en/default.htm" is vulnerable.


2. Proof of Concept

http://X.X.X.X/webtop/help/en/default.htm?startat=http://site

Vulnerable parameter: startat


3. Solution:

Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

Note: Vulnerability found in 2006.

-->


Copyright ©2019 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.