The "Add category" functionality inside the "Global Keywords" menu in SeedDMS versions 6.0.18 and 5.1.25 is prone to stored XSS, which allows an attacker to inject malicious JavaScript code.
References
| Link | Resource |
|---|---|
| https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/blob/main/CVE-2022-28051/README.md | Third Party Advisory |
| https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28051 | Exploit, Third Party Advisory |
| https://sourceforge.net/p/seeddms/code/ci/6fc17be5d95e8f00fbe5c124c4acd377fa2ce69d/ | Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-06T22:17:40
Updated: 2022-06-06T22:17:40
Reserved: 2022-03-28T00:00:00
Link: CVE-2022-28051
NVD Information
Status: Analyzed
Published: 2022-06-06T23:15:08.020
Modified: 2022-06-13T19:29:14.217
Link: CVE-2022-28051
Redhat Information
No data.
CWE