Nimit Jain

3 exploits Active since Jun 2019
CVE-2019-12801 EXPLOITDB MEDIUM text WORKING POC
SeedDMS 5.1.11 - Stored Cross-Site Scripting via Group Name
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
CVSS 6.1
CVE-2019-12745 EXPLOITDB MEDIUM text WORKING POC
SeedDMS < 5.1.11 - Stored Cross-Site Scripting via Name Field
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
CVSS 5.4
CVE-2019-12744 EXPLOITDB HIGH text WORKING POC
seeddms < 5.1.11 - Remote Command Execution via Unvalidated PHP File Upload
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
CVSS 7.5