Opentext

Document Sciences Xpression

7 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2017-14960

Exploit
  • EPSS 9.5%
  • Veröffentlicht 04.01.2018 17:29:00
  • Zuletzt bearbeitet 21.11.2024 03:13:50

xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.

6.8

CVE-2017-14754

  • EPSS 0.37%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_fi...

6.1

CVE-2017-14755

Exploit
  • EPSS 0.3%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.

6.1

CVE-2017-14756

Exploit
  • EPSS 0.3%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).

8.8

CVE-2017-14757

Exploit
  • EPSS 0.33%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In ord...

8.8

CVE-2017-14758

Exploit
  • EPSS 0.33%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulne...

9.8

CVE-2017-14759

  • EPSS 0.46%
  • Veröffentlicht 03.10.2017 01:29:02
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. A...