CVE-2022-47415

Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise and Community Edition (CE) (affected versions not specified)

Description The issue is related to a stored cross-site scripting (XSS) condition in the in-app messaging system, affecting both subject and message bodies. This type of XSS is also known as "Type II" or persistent XSS, meaning the malicious script is stored on the server and can be executed by multiple users.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.