PT-2013-5960 · Emc Document Sciences · Xpression

Omer Coskun

Published

2013-11-21

Updated

2015-07-22

CVE-2013-6175

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions EMC Document Sciences xPression versions 4.1 SP1 before Patch 47 EMC Document Sciences xPression versions 4.2 before Patch 26 EMC Document Sciences xPression versions 4.5 before Patch 05

Description The issue allows remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form. This can be exploited by injecting malicious code into the forms, potentially leading to unauthorized access or control.

Recommendations For versions 4.1 SP1, apply Patch 47 to resolve the issue. For versions 4.2, apply Patch 26 to resolve the issue. For versions 4.5, apply Patch 05 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2013-6175

Affected Products

Xpression

PT-2013-5960 · Emc Document Sciences · Xpression

CVE-2013-6175

Weakness Enumeration

Related Identifiers

Affected Products

References · 5