Lucene search
China National Vulnerability DatabaseCNVD-2022-66668HistoryJun 08, 2022 - 12:00 a.m.
SeedDMS Cross-Site Scripting Vulnerability (CNVD-2022-66668)
2022-06-0800:00:00
China National Vulnerability Database
www.cnvd.org.cn
20
0.001 Low
EPSS
Percentile
24.8%
SeedDMS (formerly known as LetoDMS and MyDMS) is a PHP and MySql based document management system. A cross-site scripting vulnerability exists in SEEDMS versions 6.0.18 and 5.1.25, which are primarily used to store and share documents. The vulnerability can be exploited to inject a payload into the “Role management” menu and then trigger the payload by loading the “Users management” menu.
| CPE | Name | Operator | Version |
|---|---|---|---|
| seeddms seeddms | eq | 6.0.18 | |
| seeddms seeddms | eq | 5.1.25 |
Related
cve
cve
CVE-2022-28479
2022-06-06 23:15:08
prion
prion
Design/Logic Flaw
2022-06-06 23:15:00
cvelist
cvelist
CVE-2022-28479
2022-06-06 22:17:23
nvd
nvd
CVE-2022-28479
2022-06-06 23:15:08