Skip to main content

Document Sciences Xpression CVE-2017-14756

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2017-10-03 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 03, 2017 - 01:29 cve.org
MEDIUM 6.1

DescriptionCVE.org

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).

AnalysisAI

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). Affected products include: Opentext Document Sciences Xpression.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2017-14758 HIGH POC
8.8 Oct 03

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might b

CVE-2017-14757 HIGH POC
8.8 Oct 03

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might b

CVE-2017-14755 MEDIUM POC
6.1 Oct 03

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might b

CVE-2017-14759 CRITICAL
9.8 Oct 03

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might b

CVE-2013-6173 MEDIUM
6.8 Nov 21

Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4

CVE-2017-14754 MEDIUM
6.5 Oct 03

OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might b

CVE-2013-6176 MEDIUM
6.5 Nov 21

Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26,

CVE-2015-0540 MEDIUM
6.5 May 25

SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before

CVE-2013-6174 MEDIUM
5.8 Nov 21

Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before

CVE-2013-6175 MEDIUM
4.3 Nov 21

Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 befo

CVE-2013-6177 LOW
3.5 Nov 21

Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4

Share

CVE-2017-14756 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy