Vulnerability Details CVE-2007-3255
Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name or (2) the Content-Type HTTP header. NOTE: item 2 also affects the same version numbers of Xythos Digital Locker (XDL). One or both vectors might also affect Xythos WebFile Server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.7%
CVSS Severity
CVSS v2 Score 6.5
References
- http://osvdb.org/37615
- http://osvdb.org/37616
- http://secunia.com/advisories/25783
- http://securityreason.com/securityalert/2845
- http://securitytracker.com/id?1018291
- http://securitytracker.com/id?1018292
- http://www.securityfocus.com/archive/1/472275/100/0/threaded
- http://www.securityfocus.com/bid/24521
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35084
- http://osvdb.org/37615
- http://osvdb.org/37616
- http://secunia.com/advisories/25783
- http://securityreason.com/securityalert/2845
- http://securitytracker.com/id?1018291
- http://securitytracker.com/id?1018292
- http://www.securityfocus.com/archive/1/472275/100/0/threaded
- http://www.securityfocus.com/bid/24521
- http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-004.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35084
Products affected by CVE-2007-3255
-
cpe:2.3:a:xythos:enterprise_document_manager:*