3 matches found
CVE-2017-5586
CVE-2017-5586 affects OpenText Documentum D2 (4.x). A crafted serialized Java object can trigger remote code execution via vulnerable BeanShell (bsh) and Apache Commons Collections libraries. Public analyses (including Imperva’s deserialization-focused post) enumerate the chain: untrusted seriali...
CVE-2018-7659
OpenText Documentum D2 Webtop 4.6.0030 build 059 is affected by a Stored Cross-Site Scripting vulnerability exploitable via the filename of an uploaded image file. The connected CNVD/NVD entries confirm the vulnerability as Stored XSS in Webtop, but the provided documents do not specify a confirm...
CVE-2018-7660
Affected product : OpenText Documentum D2 Webtop v4.6.0030 build 059. Vulnerability : Reflected Cross-Site Scripting (XSS) via the servlet/Download _docbase or _username parameter. Root cause / impact : XSS could allow an attacker to potentially compromise the affected system; exploitation detail...