CVE-2007-3254

Name of the Vulnerable Software and Affected Versions Xythos Enterprise Document Manager (XEDM) versions 5.0.25.8 and earlier, and 6.x versions prior to 6.0.46.1 Xythos Digital Locker (XDL) versions 5.0.25.8 and earlier, and 6.x versions prior to 6.0.46.1

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via various means, including a saved Workflow name, a Workflow name related to deletion of a Workflow template, the Content-Type HTTP header, or the name of an uploaded file. This affects Xythos Enterprise Document Manager and Xythos Digital Locker.

Recommendations For Xythos Enterprise Document Manager (XEDM) versions 5.0.25.8 and earlier, update to version 5.0.25.8 or later. For Xythos Enterprise Document Manager (XEDM) 6.x versions prior to 6.0.46.1, update to version 6.0.46.1 or later. For Xythos Digital Locker (XDL) versions 5.0.25.8 and earlier, update to version 5.0.25.8 or later. For Xythos Digital Locker (XDL) 6.x versions prior to 6.0.46.1, update to version 6.0.46.1 or later.