Vulners
Lucene search
SeedDMS 6.0.29 Cross Site Scripting
๐๏ธย 27 Feb 2025ย 00:00:00Reported byย Athul STypeย 
ย packetstorm๐ย packetstorm.news๐ย 352ย Views
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | Exploit for Cross-site Scripting in Seeddms | 26 Feb 202504:16 | โ | githubexploit |
 | CVE-2025-25461 | 26 Feb 202510:00 | โ | circl |
 | SeedDMS ๅฎๅ จๆผๆด | 28 Feb 202500:00 | โ | cnnvd |
 | CVE-2025-25461 | 28 Feb 202500:00 | โ | cve |
 | CVE-2025-25461 | 28 Feb 202500:00 | โ | cvelist |
 | EUVD-2025-5943 | 3 Oct 202520:07 | โ | euvd |
 | CVE-2025-25461 | 28 Feb 202516:15 | โ | nvd |
 | CVE-2025-25461 | 28 Feb 202516:15 | โ | osv |
 | PT-2025-9108 ยท Seeddms ยท Seeddms | 28 Feb 202500:00 | โ | ptsecurity |
 | CVE-2025-25461 | 2 Mar 202500:23 | โ | redhatcve |
10
# ๐ CVE-2025-25461 - Stored Cross-Site Scripting (XSS) in SeedDMS 6.0.29
## ๐ Description
A Stored Cross-Site Scripting (XSS) vulnerability exists in **SeedDMS 6.0.29**.
A user or rogue admin with the **"Add Category"** permission can inject a malicious XSS payload into the category name field.
When a document is subsequently associated with this category, the payload is stored on the server and rendered without proper sanitization or output encoding.
This results in the XSS payload executing in the browser of any user who views the document.
## ๐ฏ Affected Product
- **Software:** SeedDMS
- **Version:** 6.0.29
- **Component:** Category Name Field
## โ ๏ธ Impact
- **Session Hijacking**
- **Data Exfiltration**
- **Phishing Attacks**
- **Remote Code Execution (via JavaScript)**
## ๐ฅ Proof of Concept (PoC)
### Steps to Reproduce:
1. Log in as a user with **"Add Category"** permissions.
2. Navigate to **Admin Panel > Categories**.
3. Create a new category with the following payload:
```html
<script>alert(1)</script>
```
4. Save the category.
5. Associate a document with the malicious category.
6. When a user views the document, the payload executes in their browser.
### ๐น Video PoC:
๐ [Watch Video PoC](https://drive.google.com/file/d/1QV9nyXnid1QigYAYzvCeRtUGSl35AbuG/view?usp=drive_link)
## ๐ ๏ธ Mitigation
- **Sanitize User Input**: Escape special characters in category names.
- **Use Content Security Policy (CSP)**: Prevent inline script execution.
- **Encode Output**: Ensure category names are properly encoded before rendering in the UI.
## ๐ Reference
- ๐ [SeedDMS Official Website](https://www.seeddms.org/)
- ๐ [SeedDMS Discussion Thread](https://sourceforge.net/p/seeddms/discussion/general/thread/eb4ce9b1ff/)
โ๏ธ Discoverer
## โ๏ธ Discoverer
- **Athul S**
- ๐ [Linkedin](https://www.linkedin.com/in/athul-s-pentester/)
- ๐ [GitHub](https://github.com/RoNiXxCybSeC0101)
## ๐ท๏ธ CVE Assignment
- **CVE ID:** CVE-2025-25461Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Feb 2025 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.00256