CVE-2019-16307
https://notcve.org/view.php?id=CVE-2019-16307
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).
• https://gist.github.com/izadgot/3efc75f62f9c9567c8f11bad74165425
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3138 – Xerox DocuShare - SQL Injection
https://notcve.org/view.php?id=CVE-2014-3138
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/32886
• http://packetstormsecurity.com/files/126171/Xerox-DocuShare-SQL-Injection.html
• http://seclists.org/fulldisclosure/2014/Apr/205
• http://secunia.com/advisories/57996
• http://www.exploit-db.com/exploits/32886
• http://www.osvdb.org/105972
• http://www.securityfocus.com/bid/66922
• http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf
• https://exchange.xforce.ibmcloud.com/vulnerabilities/92548
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5225 – Xerox DocuShare 6 - docushare/dsweb/ServicesLib/Group URI Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-5225
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
• https://www.exploit-db.com/exploits/31864
• https://www.exploit-db.com/exploits/31862
• https://www.exploit-db.com/exploits/31863
• http://secunia.com/advisories/30426
• http://securityreason.com/securityalert/4638
• http://www.securityfocus.com/archive/1/492766/100/0/threaded
• http://www.securityfocus.com/archive/1/492960/100/0/threaded
• http://www.securityfocus.com/bid/29430
• http://www.securitytracker.com/id?1020147
• http://www.vupen.com/english/advisories/2008/1701/references
• https:&
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')