securityvulns SECURITYVULNS:DOC:19936
May 30, 2008 - 12:00 a.m.

XEROX DocuShare URL XSS Injection Vulnerabilities


Xerox DocuShare is a flexible Web-based content management solution that brings greater productivity
to every knowledge worker. An attacker may leverage these issues to execute arbitrary script code in
the browser of an unsuspecting user in the context of the affected site. This may allow the attacker
to steal cookie-based authentication credentials and to launch other attacks.

Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Class: Cross Site Scripting
Remote: Yes

Product: DocuShare
Vendor: http://docushare.xerox.com/
Version: 6 & Previous

Attackers can exploit these issues via a web client.

http://docushare.site.com/dsdn/dsweb/SearchResults/XSS

http://docushare.site.com/dsdn/dsweb/Services/User-XSS

http://docushare.site.com/docushare/dsweb/ServicesLib/Group-#/XSS
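
For defenders reviewing web server logs, the three URL patterns above can be turned into a detection check. The following is an added example, not part of the original advisory or of DocuShare: it flags requests whose path segment after one of the listed endpoints decodes to HTML or script markup. The log format, the sample lines and the markup heuristic are assumptions.

```python
import re
from urllib.parse import unquote

# Endpoint prefixes from the advisory's three URLs; the tail is the injected value.
AFFECTED = re.compile(
    r"/dsweb/(SearchResults/|Services/User-|ServicesLib/Group-[^/]*/)(?P<tail>.*)",
    re.IGNORECASE,
)
# Assumed heuristic: tokens needed to break into HTML or script context.
MARKUP = re.compile(r"[<>\"']|javascript:|\bon\w+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')


def decode(value, rounds=3):
    """Percent-decode several times so double-encoded payloads are also seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def suspicious(log_line):
    """Return the decoded injected segment if the line looks like an XSS probe, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    path = decode(m.group("target"))
    hit = AFFECTED.search(path)
    if hit and MARKUP.search(hit.group("tail")):
        return hit.group("tail")
    return None


def scan(lines):
    """Return (client_ip, injected_segment) for every flagged line."""
    return [(line.split()[0], tail) for line in lines if (tail := suspicious(line))]


# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/May/2008:10:01:02 +0000] "GET /dsdn/dsweb/SearchResults/%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/May/2008:10:01:09 +0000] "GET /dsdn/dsweb/Services/User-%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 4876',
    '203.0.113.20 - - [30/May/2008:10:02:11 +0000] "GET /docushare/dsweb/ServicesLib/Group-12/History HTTP/1.1" 200 7313',
    '203.0.113.20 - - [30/May/2008:10:02:40 +0000] "GET /docushare/dsweb/Services/User-41 HTTP/1.1" 200 6650',
]

if __name__ == "__main__":
    for ip, tail in scan(SAMPLE_LOG):
        print("ALERT", ip, repr(tail))
```

The second sample line is double percent-encoded, which is why the path is decoded more than once before matching.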

Google Dork: DocuShare Login