CVE-2024-12020

Name of the Vulnerable Software and Affected Versions: LogicalDOC Enterprise (affected versions not specified)

Description: The issue is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the issue. Although stealing the session cookie is not possible due to cookie security flags, the XSS may be used to induce a victim to perform on-site requests without their knowledge.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.