PT-2024-27709 · Tessi · Tessi Docubase Document Management

Published

2024-06-21

Updated

2024-06-24

CVE-2024-37675

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Tessi Docubase Document Management product versions 5.x

Description The issue allows a remote attacker to execute arbitrary code via the parameter sectionContent related to the functionality of adding notes to an uploaded file. This is a Cross Site Scripting vulnerability.

Recommendations For Tessi Docubase Document Management product version 5.x, consider disabling the functionality of adding notes to an uploaded file until a patch is available. Restrict access to the sectionContent parameter to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-37675

Affected Products

Tessi Docubase Document Management

PT-2024-27709 · Tessi · Tessi Docubase Document Management

CVE-2024-37675

Weakness Enumeration

Related Identifiers

Affected Products

References · 7