Uwe Steinmann

#14901of 53,632
18Total CVSS
Vulnerabilities · 3
Medium
3
PT-2022-18778
5.4
2022-06-06
Seeddms · Seeddms · CVE-2022-28051
**Name of the Vulnerable Software and Affected Versions** SeedDMS versions 5.1.25 through 6.0.18 **Description** The issue affects the "Add category" functionality inside the "Global Keywords" menu, allowing an attacker to inject malicious javascript code through stored XSS. **Recommendations** For versions 5.1.25 through 6.0.18, consider disabling the "Add category" functionality until a patch is available to prevent exploitation. Restrict access to the "Global Keywords" menu to minimize the risk of stored XSS attacks. Avoid using the "Add category" feature in the affected versions until the issue is resolved.
PT-2022-19051
6.5
2022-06-06
Seeddms · Seeddms · CVE-2022-28478
**Name of the Vulnerable Software and Affected Versions** SeedDMS versions 5.1.24 and 6.0.17 **Description** The issue arises from the "Remove file" functionality inside the "Log files management" menu, which does not properly sanitize user input. This allows attackers with admin privileges to delete arbitrary files on the remote system. The problem is related to a Directory Traversal issue. **Recommendations** For SeedDMS version 5.1.24, update to a version that fixes the Directory Traversal issue in the "Remove file" functionality. For SeedDMS version 6.0.17, update to a version that fixes the Directory Traversal issue in the "Remove file" functionality. As a temporary workaround, consider restricting access to the "Log files management" menu to minimize the risk of exploitation.
PT-2020-17036
6.1
2020-12-07
Seeddms · Seeddms · CVE-2020-28727
**Name of the Vulnerable Software and Affected Versions** SeedDMS version 6.0.13 **Description** Cross-site scripting (XSS) exists via the `folderid` parameter to the "views/bootstrap/class.DropFolderChooser.php" file. This issue allows for potential XSS attacks. **Recommendations** For SeedDMS version 6.0.13, consider restricting access to the `folderid` parameter in the affected file until a patch is available. As a temporary workaround, avoid using the `folderid` parameter in the vulnerable endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.