Xythos Enterprise Document Manager Multiple Input Validation Vulnerabilities
Xythos Enterprise Document Manager is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These issues include multiple HTML-injection vulnerabilities, a cross-site scripting issue, and a Content-Type-spoofing weakness. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. The Content-Type-spoofing weakness may give attackers a vector for exploiting latent vulnerabilities in arbitrary applications. Enterprise Document Manager versions in the 5.0 and 6.0 series prior to 5.0.25.8 and 6.0.46.1 are vulnerable; other versions may also be affected.