Vulnerabilities for Docushare (...) - CXSECURITY.COM

Vulnerabilities for 'Docushare'

2014-05-01

CVE-2014-3138

CWE-89

SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.

2008-11-25

CVE-2008-5225

CWE-79

Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.

>>> Vendor: Xerox 78 Products

Workcentre 2128

Workcentre 2636

Workcentre 32 color

Workcentre 3545

Workcentre 40 color

Workcentre m165

Workcentre m175

Document centre 220

Document centre 230

Document centre 240

Document centre 255

Document centre 265

Document centre 332

Document centre 340

Document centre 420

Document centre 425

Document centre 426

Document centre 430

Document centre 432

Document centre 440

Document centre 460

Document centre 470

Document centre 480

Document centre 490

Document centre 535

Document centre 545

Document centre 555

Workcentre 5632

Workcentre 5638

Workcentre 5645

Workcentre 5655

Workcentre 5665

Workcentre 5675

Workcentre 5687

Workcentre 6400 net controller

Workcentre 6400 system software

Freeflow print server

Copycentre c65 firmware

Copycentre c75 firmware

Copycentre c90 firmware

Workcentre pro 65 firmware

Workcentre pro 75 firmware

Workcentre pro 90 firmware

Colorqube 8580 firmware

Atlalink firmware

Copyright 2024, cxsecurity.com