漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflow name, related to deletion of a Workflow template; (3) the Content-Type HTTP header; or (4) the name of an uploaded file. NOTE: items 3 and 4 also affect the same version numbers of Xythos Digital Locker (XDL). Some or all vectors might also affect Xythos WebFile Server.
漏洞信息
N/A
漏洞
N/A
漏洞
Xythos Enterprise Document Manager 跨站请求伪造漏洞
漏洞信息
Xythos Enterprise Document Manage中存在多个跨站请求伪造漏洞。远程认证用户可以借助(1)一个保存的Workflow名,(2)一个与删除Workflow模板相关Workflow名,(3)Content-Type HTTP头或(4)一个上传的文件名,以任意用户的身份执行指令。
漏洞信息
N/A
漏洞
N/A