{"vuid":"VU#488684","idnumber":"488684","name":"Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities","keywords":["Hummingbird","Cyberdocs","cross-site scripting","css","dm","SD017079","DocsFusion"],"overview":"Hummingbird CyberDOCS contains cross-site scripting vulnerabilities that could allow an attacker to obtain sensitive information and possibly impersonate legitimate users.","clean_desc":"Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on Windows NT/2000 using SQL database technology. Several web pages return user input from URI or POST query parameters without adequate filtering. By convincing a user to access a crafted URI or web page, a remote attacker could execute HTML and script within the trust domain of the CyberDOCS web server.","impact":"A remote attacker could access sensitive information related to the vulnerable web page (cookies, form values, URI data). The attacker could also attempt to mislead the user into providing sensitive information such as login credentials.","resolution":"Apply a patch or upgrade\nFor CyberDOCS 4.0, apply Patch 4 from the CyberDOCS support site.\nFor versions of CyberDOCS prior to 4.0, Hummingbird recommends that customers upgrade to the most recent version of CyberDOCS.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered and reported by \nProCheckUp","author":"This document was written by Art Manion.","public":["http://www.procheckup.com/security_info/vuln_pr0305.html","http://www.hummingbird.com/support/dkm/supportservices/Cyberdocs.html","http://www.cert.org/archive/pdf/cross_site_scripting.pdf"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-09-02T13:15:53Z","publicdate":"2003-10-06T00:00:00Z","datefirstpublished":"2003-10-09T18:53:35Z","dateupdated":"2003-10-14T18:49:24Z","revision":25,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"14","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"2","cam_impact":"8","cam_easeofexploitation":"19","cam_attackeraccessrequired":"19","cam_scorecurrent":"1.9494","cam_scorecurrentwidelyknown":"2.5992","cam_scorecurrentwidelyknownexploited":"4.7652","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.9494,"vulnote":null}