CVE-2008-0769 Information

Description

Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059985.html http://secunia.com/advisories/28723 http://withdk.com/archives/livelink-utf7-xss-advisory.pdf http://www.securityfocus.com/bid/27537 https://exchange.xforce.ibmcloud.com/vulnerabilities/40123