EMC Documentum D2 4.1.x < 4.5 XSS (ESA-2015-109)
Low Nessus Plugin ID 84402
SynopsisThe remote host is affected by a cross-site scripting vulnerability.
DescriptionThe remote host is running a version EMC Documentum D2 that is 4.1.x or 4.2.x prior to 4.5. It is, therefore, affected by a stored cross-site scripting vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
SolutionUpgrade to EMC Documentum D2 4.5 later.