CVE-2021-39425

MEDIUM

SeedDMS 6.0.15 - Open Redirect via Crafted Links

Title source: llm

Description

SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

References (2)

Core 2

Core References

Various Sources

https://medium.com/%40rohitgautam26/cve-2021-39425-8a336eba34dd

Third Party Advisory

https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/11-Client_Side_Testing/04-Testing_for_Client_Side_URL_Redirect

Scores

CVSS v3 6.1

EPSS 0.0050

EPSS Percentile 38.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-601

Status published

Products (1)

seeddms/seeddms 6.0.15

Published Jul 20, 2023

Tracked Since Feb 18, 2026