Cross-Site Scripting Vulnerability in OpenText Document Sciences xPression
CVE-2017-14755

6.1MEDIUM

Key Information:

Vendor: Opentext
Status: Document Sciences Xpression
Vendor: CVE Published:; 3 October 2017

Summary

OpenText Document Sciences xPression is vulnerable to Cross-Site Scripting (XSS) attacks, specifically through the '/xAdmin/html/XPressoDoc' URL, utilizing the 'categoryId' parameter. Attackers can exploit this vulnerability to inject malicious scripts into the web pages viewed by users, potentially compromising sensitive data and user integrity. This issue highlights the importance of validating input data to safeguard against such attacks.

References

https://knowledge.opentext.com/knowledge/llisapi.dll/Open...

x_refsource_MISC

http://seclists.org/fulldisclosure/2017/Sep/95

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 3, 2017
Vulnerability Reserved
Sep 27, 2017