CVE-2007-3254
5.3 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
61.1%
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server.
References
osvdb.org/37621
osvdb.org/37622
osvdb.org/37623
osvdb.org/37624
secunia.com/advisories/25783
securityreason.com/securityalert/2845
securitytracker.com/id?1018291
securitytracker.com/id?1018292
www.securityfocus.com/archive/1/472275/100/0/threaded
www.securityfocus.com/bid/24521
www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt
exchange.xforce.ibmcloud.com/vulnerabilities/35083
Social References
More
5.3 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
61.1%