Lucene search
HistoryFeb 07, 2023 - 10:15 p.m.
CVE-2022-47415
logicaldoc
xss
messaging
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.1%
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies).
Affected configurations
Node
logicaldoclogicaldocMatch8.7.3community
ORlogicaldoclogicaldocMatch8.8.2enterprise
Related
prion
prion
Cross site scripting
2023-02-07 22:15:00
cve
cve
CVE-2022-47415
2023-02-07 22:15:10
cvelist
cvelist
CVE-2022-47415 LogicalDOC Messaging Stored XSS
2023-02-07 21:33:56
thn
thn
Unpatched Security Flaws Disclosed in Multiple Document Management Systems
2023-02-08 15:15:00
rapid7blog
rapid7blog
Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)
2023-02-07 14:05:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.1%
Related for NVD:CVE-2022-47415