Xerox Docushare vulnerabilities
2 known vulnerabilities affecting xerox/docushare.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2014-3138P3MEDIUMCVSS 6.5PoCv6.5.3v6.6.12014-05-02
CVE-2014-3138 [MEDIUM] CWE-89 CVE-2014-3138: SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before H
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.
nvd
CVE-2008-5225P4MEDIUMCVSS 4.3PoC≤ 6v4+5 more2008-11-25
CVE-2008-5225 [MEDIUM] CWE-79 CVE-2008-5225: Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote at
Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories.
nvd