PT-2023-15298 · Unknown · Logicaldoc
Matthew Kienow
·
Published
2023-02-07
·
Updated
2025-03-25
·
CVE-2022-47418
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
LogicalDOC Enterprise and Community Edition (CE) (affected versions not specified)
Description
The issue is a stored cross-site scripting (XSS) condition in the document version comments, which allows for persistent or "Type II" XSS attacks. This means that an attacker can inject malicious code into the comments of a document version, and this code will be executed when other users view the comments.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Logicaldoc