Vulnerabilities > Opentext > Document Sciences Xpression
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-04 | CVE-2017-14960 | SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5 xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection. | 5.0 |
| 2017-10-03 | CVE-2017-14759 | XXE vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to an XML External Entity vulnerability: /xFramework/services/QuickDoc.QuickDocHttpSoap11Endpoint/. | 7.5 |
| 2017-10-03 | CVE-2017-14758 | SQL Injection vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. | 6.5 |
| 2017-10-03 | CVE-2017-14757 | SQL Injection vulnerability in Opentext Document Sciences Xpression OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. | 6.5 |
| 2017-10-03 | CVE-2017-14756 | Cross-site Scripting vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id). | 4.3 |
| 2017-10-03 | CVE-2017-14755 | Cross-site Scripting vulnerability in Opentext Document Sciences Xpression 4.5 OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId. | 4.3 |
| 2017-10-03 | CVE-2017-14754 | Path Traversal vulnerability in Opentext Document Sciences Xpression OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Arbitrary File Read: /xAdmin/html/cm_datasource_group_xsd.jsp, parameter: xsd_datasource_schema_file filename. | 6.8 |