looCiprian

4 exploits Active since Jun 2022
CVE-2022-28051 WRITEUP MEDIUM WRITEUP
SeedDMS 6.0.18 and 5.1.25 - Stored Cross-Site Scripting via Add Category Functionality
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
CVSS 5.4
CVE-2022-28051 WRITEUP MEDIUM WRITEUP
SeedDMS 6.0.18 and 5.1.25 - Stored Cross-Site Scripting via Add Category Functionality
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
CVSS 5.4
CVE-2022-28478 WRITEUP MEDIUM WRITEUP
SeedDMS <6.0.17, <5.1.24 - Path Traversal
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system.
CVSS 6.5
CVE-2022-28479 WRITEUP MEDIUM WRITEUP
SeedDMS <= 6.0.18 and <= 5.1.25 - Authenticated Stored Cross-Site Scripting in Role Management
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu
CVSS 4.8