CVE-2008-5225

Name of the Vulnerable Software and Affected Versions Xerox DocuShare versions 6 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to specific URIs, including (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under unspecified docushare/dsweb/ServicesLib/Group-#/ directories. This can be exploited by sending malicious requests to these API endpoints.

Recommendations For Xerox DocuShare versions 6 and earlier, update to a version later than 6 to resolve the issue. At the moment, there is no information about other specific fixes for this issue.