CVE-2022-47418

Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise and Community Edition (CE) (affected versions not specified)

Description The issue is a stored cross-site scripting (XSS) condition in the document version comments, which allows for persistent or "Type II" XSS attacks. This means that an attacker can inject malicious code into the comments of a document version, and this code will be executed when other users view the comments.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.