CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2017-14960 affects EMC OpenText/Document Sciences xPression xDashboard. The vulnerability is a SQL Injection in xDashboard (v4.5SP1 Patch 13) via the parameter model.jobHistoryId used in jobDocHistoryList.action, enabling an attacker to retrieve data from the underlying database. The issue is...

7.5CVSS7.7AI score0.03737EPSS

Exploits5References3Affected Software1

CNVD•added 2017/10/09 12:0 a.m.•3 views

OpenText Document Sciences xPression Cross-Site Scripting Vulnerability (CNVD-2017-33297)

OpenText Document Sciences xPression formerly known as EMC Document Sciences xPression is a document output management and customer communication solution from OpenText Canada. The solution integrates with an organization's Customer Relationship Management CRM, Enterprise Content Management ECM a...

6.1CVSS6.2AI score0.00661EPSS

Exploits3References1

NVD•added 2017/10/03 1:29 a.m.•13 views

CVE-2017-14759

OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory...

9.8CVSS9.4AI score0.01311EPSS

Exploits1References2

OSV•added 2017/10/03 1:29 a.m.•2 views

CVE-2017-14756

OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to Cross-Site Scripting: /xAdmin/html/Deployment catid...

6.1CVSS5.8AI score0.00661EPSS

Exploits3References2

OSV•added 2017/10/03 1:29 a.m.•1 views

CVE-2017-14758

OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to SQL Injection: /xAdmin/html/cmdoclistviewuc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticat...

8.8CVSS5.8AI score0.02672EPSS

Exploits6References3

OSV•added 2017/10/03 1:29 a.m.•2 views

CVE-2017-14754

OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to Arbitrary File Read: /xAdmin/html/cmdatasourcegroupxsd.jsp, parameter: xsddatasourceschemafile filename. In order for this vulnerability to be...

6.5CVSS5.8AI score0.01297EPSS

Exploits2References2

Prion•added 2017/10/03 1:29 a.m.•15 views

Sql injection

6.5CVSS8.8AI score0.02672EPSS

Exploits6References3Affected Software1

Prion•added 2017/10/03 1:29 a.m.•12 views

Sql injection

OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an...

6.5CVSS8.8AI score0.01895EPSS

Exploits6References3Affected Software1

CVE•added 2017/10/02 5:0 p.m.•60 views

CVE-2017-14758

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 is vulnerable to SQL Injection via /xAdmin/html/cm_doclist_view_uc.jsp with the documentId parameter. The vulnerability requires authentication to the application. Root cause: lack of prepared stateme...

8.8CVSS8.7AI score0.02672EPSS

Exploits6References3Affected Software1

Cvelist•added 2017/10/02 5:0 p.m.•15 views

CVE-2017-14759

9.4AI score0.01311EPSS

Exploits1References2

Cvelist•added 2017/10/02 5:0 p.m.•23 views

CVE-2017-14757

8.8AI score0.01895EPSS

Exploits6References3

Exploit DB•added 2017/10/02 12:0 a.m.•66 views

OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection

Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression Exploit was...

8.8CVSS8.8AI score0.02672EPSS

Exploits6

0day.today•added 2017/10/02 12:0 a.m.•44 views

OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Vulnerability

Exploit for jsp platform in category web applications Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText Document Sciences xPressio...

6.5CVSS0.2AI score0.01895EPSS

Exploits6

exploitpack•added 2017/10/02 12:0 a.m.•68 views

OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection

OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: ================== OpenText...

6.5CVSS0.6AI score0.02672EPSS

Exploits6

exploitpack•added 2017/10/02 12:0 a.m.•59 views

OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection

OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText...

6.5CVSS0.3AI score0.01895EPSS

Exploits6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by