Intrusion Prevention

InterWoven.WorkDocs.XSS

Description

This indicates an attack attempt against a cross-site scripting vulnerability
in Interwoven WorkDocs.
Interwoven WorkDocs is a document management tool that supports browser-based access. A vulnerability has been reported in it that may allow an attacker to execute script codes on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "compnrtid" parameter value that is passed to "userOptions.asp" . An attacker may include script codes by supplying an injection string through the URL.

Affected Products

Any version of Interwoven WorkDocs.

Impact

System Comprise: Remote attackers can gain control of the vulnerable system.

Recommended Actions

Currently we are not aware of any officially supplied fix for this issue.

Other References