
XEROX DocuShare URL XSS Injection Vulnerabilities




Xerox DocuShare is a flexible Web-based content management solution that brings 
greater productivity to every knowledge worker. An attacker may leverage these 
issues to execute arbitrary script code in the browser of an unsuspecting user 
in the context of the affected site. This may allow the attacker to steal 
cookie-based authentication credentials and to launch other attacks.


Hackers Center Security Group (http://www.hackerscenter.com)
Credit: Doz

Class: Cross Site Scripting
Remote: Yes

Product: DocuShare
Vendor: http://docushare.xerox.com/
Version: 6 & Previous



Attackers can exploit these issues via a web client.


http://docushare.site.com/dsdn/dsweb/SearchResults/XSS

http://docushare.site.com/dsdn/dsweb/Services/User-XSS

http://docushare.site.com/docushare/dsweb/ServicesLib/Group-#/XSS



Google Dork: DocuShare Login
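
Added example (not part of the original advisory): a log check that flags requests to the three dsweb paths listed above when the trailing path segment decodes to markup characters. The combined log format, the character set treated as markup, the function names, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Path prefixes taken from the advisory's three example URLs.
DSWEB_PATHS = re.compile(r"/dsweb/(SearchResults|ServicesLib|Services)/(.*)", re.I)
# Assumption: a legitimate handle such as "User-12" never contains these characters.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, endpoint, decoded_tail) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        request = REQUEST.search(line)
        if not request:
            continue
        path = request.group(1).split("?", 1)[0]  # the advisory concerns the URL path
        match = DSWEB_PATHS.search(path)
        if not match:
            continue
        tail = decode_fully(match.group(2))
        if MARKUP.search(tail):
            hits.append((number, match.group(1), tail))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /dsdn/dsweb/Services/User-12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /dsdn/dsweb/SearchResults/%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4096',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /docushare/dsweb/ServicesLib/Group-7/%253Csvg%253E HTTP/1.1" 200 4096',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /docushare/dsweb/View/Collection-10 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, endpoint, tail in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {endpoint} -> {tail!r}")
```
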