Lucene search

xerox-xss.txt

🗓️ 29 May 2008 00:00:00Reported by DoZType

packetstorm🔗 packetstormsecurity.com👁 24 Views

Xerox DocuShare URL XSS Injection Vulnerabilities. Attacker may execute arbitrary script in browser, steal authentication credentials & launch attacks

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`XEROX DocuShare URL XSS Injection Vulnerabilities  
  
Xerox DocuShare is a flexible Web-based content management solution that brings greater productivity to every knowledge worker. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.  
  
  
Hackers Center Security Group (http://www.hackerscenter.com)  
Credit: Doz  
  
Class: Cross Site Scripting  
Remote: Yes  
  
Product: DocuShare  
Vendor: http://docushare.xerox.com/  
Version: 6 & Previous  
  
  
  
Attackers can exploit these issues via a web client.  
  
  
http://docushare.site.com/dsdn/dsweb/SearchResults/XSS  
  
http://docushare.site.com/dsdn/dsweb/Services/User-XSS  
  
http://docushare.site.com/docushare/dsweb/ServicesLib/Group-#/XSS  
  
  
  
Google Dork: DocuShare Login  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

29 May 2008 00:00Current

7.4High risk

Vulners AI Score7.4