VYPR
Unrated severityNVD Advisory· Published Jun 27, 2007· Updated Jun 16, 2026

CVE-2007-3255

CVE-2007-3255

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:xythos:enterprise_document_manager:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:xythos:enterprise_document_manager:*:*:*:*:*:*:*:*range: <=5.0.25.7
    • (no CPE)range: <5.0.25.8, <6.0.46.1
  • Range: <5.0.25.8, <6.0.46.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.