Описание
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.
Ссылки
- https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/ExploitThird Party Advisory
- https://www.rapid7.com/blog/post/2023/02/07/multiple-dms-xss-cve-2022-47412-through-cve-20222-47419/ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:logicaldoc:logicaldoc:8.7.3:*:*:*:community:*:*:*
cpe:2.3:a:logicaldoc:logicaldoc:8.8.2:*:*:*:enterprise:*:*:*
EPSS
Процентиль: 46%
0.00235
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 3 лет назад
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.
EPSS
Процентиль: 46%
0.00235
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
CWE-79