CVE-2019-16307
https://notcve.org/view.php?id=CVE-2019-16307
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp). Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en el módulo webEx en los archivos webExMeetingLogin.jsp y deleteWebExMeetingCheck.jsp en Fuji Xerox DocuShare versiones hasta 7.0.0.C1.609, permite a atacantes remotos inyectar un script web o HTML arbitrario por medio del parámetro handle (archivo webExMeetingLogin.jsp) y el parámetro meetingKey (archivo deleteWebExMeetingCheck.jsp). • https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-5225 – Xerox DocuShare 6 - docushare/dsweb/ServicesLib/Group URI Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5225
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories. Múltiples vulnerabilidades de secuencias de ejecución de comandos en sitios cruzados en Xerox DocuShare v6 y anteriores que permite a atacantes remotos inyectar secuencias de comandos web o codigo HTML a traves de PATH_INFO a la URL por defecto a traves de (1) SearchResults/ y (2) Services/ en dsdn/dsweb/, y (3) la URL por defecto a traves de directorios inespecificos de docushare/dsweb/ServicesLib/Group-#/. • https://www.exploit-db.com/exploits/31864 https://www.exploit-db.com/exploits/31862 https://www.exploit-db.com/exploits/31863 http://secunia.com/advisories/30426 http://securityreason.com/securityalert/4638 http://www.securityfocus.com/archive/1/492766/100/0/threaded http://www.securityfocus.com/archive/1/492960/100/0/threaded http://www.securityfocus.com/bid/29430 http://www.securitytracker.com/id?1020147 http://www.vupen.com/english/advisories/2008/1701/references https:& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •