RSS   Podatności dla 'Seeddms'   RSS

2021-10-22
 
CVE-2020-23048

CWE-79
 

 
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.

 
2021-08-03
 
CVE-2021-35343

CWE-352
 

 
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.

 
 
CVE-2021-36542

CWE-352
 

 
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.

 
 
CVE-2021-36543

CWE-352
 

 
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.

 
2021-03-18
 
CVE-2021-26216

CWE-352
 

 
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.

 
 
CVE-2021-26215

CWE-352
 

 
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.

 
2020-12-07
 
CVE-2020-28727

CWE-79
 

 
Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.

 
2020-11-24
 
CVE-2020-28726

CWE-601
 

 
Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.

 
2019-06-28
 
CVE-2019-12932

CWE-79
 

 
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.

 
2019-06-20
 
CVE-2019-12745

 

 
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.

 


Copyright 2021, cxsecurity.com

 

Back to Top