OpenText Documentum Webtop version 5.3.SP2 suffers from an open redirection vulnerability.
e44a6f8701efdc6da276208167ec596d64a4551e4442fbde0fc4a21cdf70744d<!--
# Exploit Title: Client Side URL Redirect (OTG-CLIENT-004) in OpenText
Documentum Webtop 5.3 SP2
# Date: 17-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Software Link:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Version: OpenText Documentum Webtop 5.3 SP2
# Tested on: all
# CVE : CVE-2019-7416
# Category: webapps
1. Description
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop
5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is
vulnerable.
Client Side URL Redirect (OTG-CLIENT-004) and/or Cross Site Scripting
exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in
"/webtop/help/en/default.htm" is vulnerable.
2. Proof of Concept
http://X.X.X.X/webtop/help/en/default.htm?startat=http://site
Vulnerable parameter: startat
3. Solution:
Update to last version this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
Note: Vulnerability found in 2006.
-->
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed