Cross-Site Scripting Vulnerabilities in Xerox DocuShare

CVE-2008-5225

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in Xerox DocuShare versions 6 and earlier, enabling remote attackers to inject arbitrary web scripts or HTML. This can occur through the PATH_INFO parameter to the default URI under specific directories such as SearchResults/ and Services/ in dsdn/dsweb/. Attackers may also exploit unspecified directories under docushare/dsweb/ServicesLib/Group-#/. The risk posed by these vulnerabilities could lead to unauthorized access or content manipulation.

References