D2 Cross-Site Scripting ESA

EMC released ESA-2015-109: EMC Documentum D2 Cross-Site Scripting Vulnerability detailing a security vulnerability in D2 v4.1, v4.2, and v4.5.  Interestingly, D2 v4.5 (no patch) is the recommended remediation for the vulnerability, though it is also listed as an affected product. Cross-Site Scripting (XSS) still remains one of the most prevalent vulnerabilities in software today, and one of the easiest to fix(*).

 

* I have no affiliation with Acunetix but found their explanation to be good and thorough.

Advertisements

About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: