InterWoven.WorkDocs.XSS
Description
This indicates an attack attempt against a cross-site scripting vulnerability
in Interwoven WorkDocs.
Interwoven WorkDocs is a document management tool that supports browser-based access. A vulnerability has been reported in it that may allow an attacker to execute script codes on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "compnrtid" parameter value that is passed to "userOptions.asp" . An attacker may include script codes by supplying an injection string through the URL.
Affected Products
Any version of Interwoven WorkDocs.
Impact
System Comprise: Remote attackers can gain control of the vulnerable system.
Recommended Actions
Currently we are not aware of any officially supplied fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |