Stored XSS in Documentum D2
Documentum D2 version 4.6 is vulnerable to Stored XSS by HTML encoded value of a XSS payload to bypass the protection.
This bug was reported by Vipin Chaudhary and a CVE ID: CVE-2018-7659 has been assigned to it.
Steps to reproduce:
1. Login with your credentials in documentum d2
2. Go to import and upload any image file
3. then go to properties and click edit to change the document name
4. Now put "><img src=x onerror=alert(1) as the document name which is the HTML encoded value for XSS payload
5. As it gets saved in the portal, it will trigger the Stored XSS.
PoC:
Comments
Post a Comment