CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14755 – OpenText Document Sciences xPression 4.5SP1 Patch 13 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-14755
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. OpenText Document Sciences xPression (anteriormente conocido como EMC Document Sciences xPression) v4.5SP1 Patch 13 (otras versiones más antiguas también podrían verse afectadas) es propenso a Cross-Site Scripting (XSS): /xAdmin/html/XPressoDoc, parámetro: categoryId. OpenText Document Sciences xPression version 4.5SP1 Patch 13 suffers from a cross site scripting vulnerability in the XPressoDoc functionality. • http://seclists.org/fulldisclosure/2017/Sep/95 https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14754 – OpenText Document Sciences xPression 4.5SP1 Patch 13 Arbitrary File Read
https://notcve.org/view.php?id=CVE-2017-14754
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. OpenText Document Sciences xPression (anteriormente conocido como EMC Document Sciences xPression) v4.5SP1 Patch 13 (otras versiones más antiguas también podrían verse afectadas) es propenso a una lectura de archivos arbitrarios: /xAdmin/html/cm_datasource_group_xsd.jsp, parámetro: xsd_datasource_schema_file filename. Para que esta vulnerabilidad sea explotada, un atacante debe autenticarse antes en la aplicación. OpenText Document Sciences xPression version 4.5SP1 Patch 13 suffers from an arbitrary file read vulnerability. • http://seclists.org/fulldisclosure/2017/Sep/92 https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •