CVE-2022-28479

Опубликовано: 06 июн. 2022

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu

Ссылки

https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28479
Exploit
Patch
Third Party Advisory
https://sourceforge.net/p/seeddms/code/ci/9e92524fdbd1e7c3e6771d669f140c62389ec375/
Patch
Vendor Advisory
https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28479
Exploit
Patch
Third Party Advisory
https://sourceforge.net/p/seeddms/code/ci/9e92524fdbd1e7c3e6771d669f140c62389ec375/
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:seeddms:seeddms:5.1.25:*:*:*:*:*:*:*

cpe:2.3:a:seeddms:seeddms:6.0.18:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00558

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-j4vr-p2v7-rh48