VYPR

Document Sciences Xpression

by Opentext

CVEs (7)

  • CVE-2017-14759CriOct 3, 2017
    risk 0.64cvss 9.8epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. An unauthenticated user is…

  • CVE-2017-14758HigOct 3, 2017
    risk 0.60cvss 8.8epss 0.03

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an…

  • CVE-2017-14757HigOct 3, 2017
    risk 0.60cvss 8.8epss 0.02

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to…

  • CVE-2017-14960HigJan 4, 2018
    risk 0.52cvss 7.5epss 0.04

    xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection.

  • CVE-2017-14754MedOct 3, 2017
    risk 0.42cvss 6.5epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. In order for…

  • CVE-2017-14756MedOct 3, 2017
    risk 0.40cvss 6.1epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).

  • CVE-2017-14755MedOct 3, 2017
    risk 0.40cvss 6.1epss 0.01

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.