SeedDMS Cross-Site Scripting Vulnerability (CNVD-2022-05448)

2021-10-2500:00:00

China National Vulnerability Database

www.cnvd.org.cn

0.001 Low

EPSS

Percentile

35.1%

JSON

SeedDMS is a free document management system with an easy-to-use web-based user interface.A cross-site scripting vulnerability exists in the AddEvent.php component of SeedDMS version 6.0.7. An attacker could exploit the vulnerability to inject malicious scripting code via the name and comment parameters.

CPENameOperatorVersion
seeddms seeddmseq4.3.37
seeddms seeddmseq5.0.13
seeddms seeddmseq5.1.14
seeddms seeddmseq5.1.16
seeddms seeddmseq5.1.18
seeddms seeddmseq6.0.7