XEROX DocuShare versions 6 and below suffer from a cross site scripting vulnerability.
6b3c1615f69e72ad510afb7522a87c74XEROX DocuShare URL XSS Injection Vulnerabilities
Xerox DocuShare is a flexible Web-based content management solution that brings greater productivity to every knowledge worker. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz
Class: Cross Site Scripting
Remote: Yes
Product: DocuShare
Vendor: http://docushare.xerox.com/
Version: 6 & Previous
Attackers can exploit these issues via a web client.
http://docushare.site.com/dsdn/dsweb/SearchResults/XSS
http://docushare.site.com/dsdn/dsweb/Services/User-XSS
http://docushare.site.com/docushare/dsweb/ServicesLib/Group-#/XSS
Google Dork: DocuShare Login
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!