6 matches found
Design/Logic Flaw
Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template...
CVE-2007-3254
CVE-2007-3254 covers multiple stored and reflected XSS vulnerabilities in Xythos Enterprise Document Manager (XEDM) versions prior to 5.0.25.8 and 6.x prior to 6.0.46.1. The issues enable remote authenticated users to inject arbitrary HTML/JavaScript via (1) a saved Workflow name; (2) a Workflow ...
CVE-2007-3256
CVE-2007-3256 affects Xythos Enterprise Document Manager (XEDM), Xythos Digital Locker (XDL), and possibly WebFile Server prior to 6.0.46.1. The root issue is insufficient server-side validation of the Content-Type value set by remote authenticated users, allowing them to associate arbitrary Cont...
CVE-2007-3255
CVE-2007-3255 affects Xythos Enterprise Document Manager (XEDM) and related products. Vulnerabilities allow remote authenticated users to perform actions as other users via CSRF: (1) a saved Workflow name and (2) Content-Type header manipulation. Affects XEDM <5.0.25.8 and 6.x
SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-004 Advisory Title: Multiple Vulnerabilities in Xythos Server Products Author: Brian Reilly / [email protected] Release Date: 26-06-2007...