Описание
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
Ссылки
- Third Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:seeddms:seeddms:5.1.25:*:*:*:*:*:*:*
cpe:2.3:a:seeddms:seeddms:6.0.18:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00615
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
EPSS
Процентиль: 69%
0.00615
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79