CVE-2022-47416 LogicalDOC Chat Stored XSS

2023-02-0721:46:38

CWE-79

rapid7

www.cve.org

cve-2022-47416

logicaldoc

stored xss

in-app chat

0.001 Low

EPSS

Percentile

20.1%

JSON

LogicalDOC Enterprise is vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app chat system.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "LogicalDOC Enterprise",
    "vendor": "LogicalDOC",
    "versions": [
      {
        "lessThanOrEqual": "8.8.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]