Simon Njuguna

**Name of the Vulnerable Software and Affected Versions** SeedDMS version 6.0.32 **Description** A stored cross-site scripting (XSS) issue exists, allowing an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name. **Recommendations** For SeedDMS version 6.0.32, consider restricting the ability to create documents with arbitrary names to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SeedDMS version 6.0.32 **Description** A vulnerability in SeedDMS allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. **Recommendations** For SeedDMS version 6.0.32, consider disabling the zip import functionality in the Extension Manager as a temporary workaround until a patch is available. Restrict access to the Extension Manager to minimize the risk of exploitation.