OpenText LiveLink Multiple Cross-Site Scripting Vulnerabilities

vendor:

OpenText LiveLink

by:

7.5

CVSS

HIGH

Cross-Site Scripting (XSS)

CWE

Product Name: OpenText LiveLink

Affected Version From: OpenText LiveLink 9.7.1

Affected Version To:

Patch Exists: NO

Related CWE:

CPE: a:opentext:livelink:9.7.1

Metasploit:

Other Scripts:

Platforms Tested:

OpenText LiveLink Multiple Cross-Site Scripting Vulnerabilities

OpenText LiveLink is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

It is recommended to apply the latest security patches provided by OpenText to address these vulnerabilities. Additionally, users should be cautious when clicking on unfamiliar links and ensure that their web browsers are up to date.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/43420/info

OpenText LiveLink is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

OpenText LiveLink 9.7.1 is vulnerable; other versions may also be affected. 

https://www.example.com/livelink/livelink?func=ll&objId=514&objAction=browse&viewType=aa">[XSS]

https://www.example.com/livelinkdav/nodes/OOB_DAVWindow.html?func=oobget&nodeid=514&support=/livelinksupport/&setctx=');[XSS]

https://www.example.com/livelink/livelink?func=ll&objid=1&objAction=browse&sort=[XSS]