XEROX DocuShare versions 6 and below suffer from a cross site scripting vulnerability.
4cba5101d83028f6e81dba72d1b73397aeced0287b02b2f3d13bc8b40f86ef2fXEROX DocuShare URL XSS Injection Vulnerabilities
Xerox DocuShare is a flexible Web-based content management solution that brings greater productivity to every knowledge worker. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Cross Site Scripting
Remote: Yes
Product: DocuShare
Vendor: http://docushare.xerox.com/
Version: 6 & Previous
Attackers can exploit these issues via a web client.
http://docushare.site.com/dsdn/dsweb/SearchResults/XSS
http://docushare.site.com/dsdn/dsweb/Services/User-XSS
http://docushare.site.com/docushare/dsweb/ServicesLib/Group-#/XSS
Google Dork: DocuShare Login
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed