PT-2025-44662 · Logicaldoc · Logicaldoc Community Edition

Zeeshan Khan

·

Publicado

2025-10-31

·

Atualizado

2025-11-07

·

CVE-2025-12546

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions LogicalDOC Community Edition versions up to 9.2.1
Description A security issue exists in LogicalDOC Community Edition related to the API Key creation UI. This issue allows for cross site scripting. Remote exploitation is possible, and the exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.
Recommendations Versions prior to 9.2.1 should be updated.

Exploit

Correção

XSS

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-94

Identificadores relacionados

CVE-2025-12546

Produtos afetados

Logicaldoc Community Edition