Logicaldoc: >> Logicaldoc >> 8.9.3 Security Vulnerabilities
There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the XSS may be used to induce a victim to perform on-site requests without their knowledge.
This vulnerability only affects LogicalDOC Enterprise.
CVSS Score
6.1
EPSS Score
0.003
Published
2025-03-14