Skip to main content

CVE-2007-3254

Severity Low
Score 3.5/10

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server.

  • MEDIUM
  • NETWORK
  • SINGLE
  • PARTIAL
  • NONE
  • NONE

References

Advisory Timeline

  • Published