Description
The "Add category" functionality in the "Global Keywords" menu of SeedDMS versions 6.0.18 and 5.1.25 is prone to stored XSS, which allows an attacker to inject malicious JavaScript code.
References (3)
Core References
Patch, Third Party Advisory x_refsource_misc
https://sourceforge.net/p/seeddms/code/ci/6fc17be5d95e8f00fbe5c124c4acd377fa2ce69d/
Third Party Advisory x_refsource_misc
https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/blob/main/CVE-2022-28051/README.md
Exploit, Third Party Advisory x_refsource_misc
https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28051
Scores
CVSS v3
5.4
EPSS
0.0077
EPSS Percentile
73.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
seeddms/seeddms
5.1.25
seeddms/seeddms
6.0.18
Published
Jun 06, 2022
Tracked Since
Feb 18, 2026