8 matches found
EUVD-2017-6252
Malware in sbrugna...
EUVD-2017-6251
Malware in sbrugna...
Sql injection
xDashboard in OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 has SQL Injection...
Cross site scripting
OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to Cross-Site Scripting: /xAdmin/html/Deployment catid...
Xxe
OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is able to read directory...
Sql injection
OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to SQL Injection: /xAdmin/html/cmdoclistviewuc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticat...
CVE-2017-14755
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 is vulnerable to Cross-Site Scripting via /xAdmin/html/XPressoDoc with the categoryId parameter. The CNVD entry confirms a remote attacker can inject arbitrary JavaScript to be reflected to users, ena...
CVE-2017-14755
OpenText Document Sciences xPression formerly EMC Document Sciences xPression v4.5SP1 Patch 13 older versions might be affected as well is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId...