Lucene search
HistoryFeb 07, 2023 - 10:15 p.m.
CVE-2022-47415
logicaldoc
enterprise
community edition
ce
xss
cross-site scripting
nvd
cve-2022-47415
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.2%
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies).
Affected configurations
Node
logicaldoclogicaldocMatch8.7.3community
ORlogicaldoclogicaldocMatch8.8.2enterprise
| CPE | Name | Operator | Version |
|---|---|---|---|
| logicaldoc:logicaldoc | logicaldoc | eq | 8.7.3 |
| logicaldoc:logicaldoc | logicaldoc | eq | 8.8.2 |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "LogicalDOC Enterprise",
"vendor": "LogicalDOC",
"versions": [
{
"lessThanOrEqual": "8.8.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "LogicalDOC Community Edition",
"vendor": "LogicalDOC",
"versions": [
{
"lessThanOrEqual": "8.7.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
prion
prion
Cross site scripting
2023-02-07 22:15:00
nvd
nvd
CVE-2022-47415
2023-02-07 22:15:10
cvelist
cvelist
CVE-2022-47415 LogicalDOC Messaging Stored XSS
2023-02-07 21:33:56
thn
thn
Unpatched Security Flaws Disclosed in Multiple Document Management Systems
2023-02-08 15:15:00
rapid7blog
rapid7blog
Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)
2023-02-07 14:05:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.2%
Related for CVE-2022-47415