Shodan
Vulnerabilities
Vulnerable Software
Seeddms:  >> Seeddms  Security Vulnerabilities
CVE-2025-45752
A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-05-21
CVE-2021-39421
A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-24
CVE-2021-39425
SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-20
CVE-2021-33223
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-06-07
CVE-2022-44938
Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-12-08
CVE-2022-28051
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-06-06
CVE-2022-28478
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system.
CVSS Score
6.5
EPSS Score
0.013
Published
2022-06-06
CVE-2022-28479
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu
CVSS Score
4.8
EPSS Score
0.006
Published
2022-06-06
CVE-2021-45408
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-02-04
CVE-2020-23048
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved