LetoDMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2017-35521)
LetoDMS formerly known as MyDMS is a set of PHP and MySQL development of Web-based open source document management system . Multiple cross-site scripting vulnerabilities exist in versions of LetoDMS prior to 3.3.8. Remote attackers can use the parameters in the inc/inc.ClassUI.php or...