SeedDMS (formerly known as LetoDMS and MyDMS) is a PHP and MySql based document management system. A cross-site scripting vulnerability exists in SEEDMS versions 6.0.18 and 5.1.25, which are primarily used to store and share documents. The vulnerability can be exploited to inject a payload into the “Role management” menu and then trigger the payload by loading the “Users management” menu.
CPE | Name | Operator | Version |
---|---|---|---|
seeddms seeddms | eq | 6.0.18 | |
seeddms seeddms | eq | 5.1.25 |