5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
24.8%
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the โRole managementโ menu and then trigger the payload by loading the โUsers managementโ menu
github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28479
sourceforge.net/p/seeddms/code/ci/9e92524fdbd1e7c3e6771d669f140c62389ec375/