ID CVE-2007-3254
Summary Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server.
References
Vulnerable Configurations
  • cpe:2.3:a:xythos:enterprise_document_manager:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:xythos:enterprise_document_manager:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xythos:enterprise_document_manager:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:xythos:enterprise_document_manager:6.0:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 16-10-2018 - 16:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:P/A:N
refmap via4
bid 24521
bugtraq 20070622 SYMSA-2007-004: Multiple Vulnerabilities in Xythos Server Products
misc http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt
osvdb
  • 37621
  • 37622
  • 37623
  • 37624
sectrack
  • 1018291
  • 1018292
secunia 25783
sreason 2845
xf xedm-multiple-xss(35083)
Last major update 16-10-2018 - 16:48
Published 27-06-2007 - 18:30
Last modified 16-10-2018 - 16:48
Back to Top