Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI under 1 SearchResults/ and 2 Services/ in dsdn/dsweb/, and 3 the default URI under unspecified...

Xerox DocuShare dsweb Servlet Multiple XSS

The remote host is running DocuShare, a web-based document management application from Xerox. The version of DocuShare installed on the remote host fails to sanitize user input to the 'dsweb' servlet before including it in dynamic HTML output. An attacker may be able to leverage this issue to...