Seeddms Security Vulnerabilities
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu.
CVSS Score: 4.8; EPSS Score: 0.006; Published: 2022-06-06
An open redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the "referuri" parameter.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2022-02-04
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2021-10-22
Cross-Site Request Forgery (CSRF) vulnerability in /op/op.Ajax.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to edit a document name without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2021-08-03
Cross-Site Request Forgery (CSRF) vulnerability in /op/op.LockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2021-08-03
Cross-Site Request Forgery (CSRF) vulnerability in /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2021-08-03
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2021-03-18
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2021-03-18
Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.
CVSS Score: 6.1; EPSS Score: 0.004; Published: 2020-12-07
Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2020-11-24

