Opentext: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.
CVSS Score
4.3
EPSS Score
0.004
Published
2008-02-14
Centrinity FirstClass 8.3 and earlier, and Server and Internet Services 8.0 and earlier, do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS) attacks. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
4.3
EPSS Score
0.004
Published
2007-06-01
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.
CVSS Score
7.8
EPSS Score
0.075
Published
2004-12-31
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
CVSS Score
7.5
EPSS Score
0.011
Published
2004-01-20
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.
CVSS Score
5.0
EPSS Score
0.006
Published
2001-08-22
Page 13