PT-2022-18778 · Seeddms · Seeddms

Uwe Steinmann · Published 2022-06-06 · Updated 2022-06-13 · CVE-2022-28051

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SeedDMS versions 5.1.25 through 6.0.18

Description

The issue affects the "Add category" functionality inside the "Global Keywords" menu, allowing an attacker to inject malicious JavaScript code through stored XSS.

Recommendations

For versions 5.1.25 through 6.0.18, consider disabling the "Add category" functionality until a patch is available to prevent exploitation. Restrict access to the "Global Keywords" menu to minimize the risk of stored XSS attacks. Avoid using the "Add category" feature in the affected versions until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-28051

Affected Products

Seeddms