CVE-2022-28051

MEDIUM

SeedDMS 6.0.18 and 5.1.25 - Stored Cross-Site Scripting via Add Category Functionality

Title source: llm
STIX 2.1

Description

The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.

References (3)

Core 3

Scores

CVSS v3 5.4
EPSS 0.0087
EPSS Percentile 54.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
seeddms/seeddms 5.1.25
seeddms/seeddms 6.0.18
Published Jun 06, 2022
Tracked Since Feb 18, 2026