169 matches found
CVE-2024-12020 Reflected Cross-Site Scripting (XSS)
There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the...
CVE-2024-12020
CVE-2024-12020 describes a reflected cross-site scripting (XSS) in JSP files used to control application appearance affecting LogicalDOC Enterprise. The root cause is input echoed into JSP pages without proper sanitization, enabling an unauthenticated attacker to lure a user into clicking a craft...
LogicalDOC Cross-Site Scripting Vulnerability
LogicalDOC is a document management system developed using Java technology by the United States company LogicalDOC. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC that originates from reflective cross-site...
LogicalDOC SQL Injection Vulnerability
LogicalDOC is a document management system developed using Java technology by the United States company LogicalDOC. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC that stems from the login function containin...
LogicalDOC SQL Injection Vulnerability
LogicalDOC is a document management system developed using Java technology by the United States company LogicalDOC. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC, which stems from a saved search function th...
LogicalDOC Security Vulnerability
LogicalDOC is a document management system developed using Java technology by LogicalDOC, Inc. in the United States. The system has features such as Lucene full-text search indexing and automatic importing. A security vulnerability exists in LogicalDOC that stems from an API used in the applicati...
LogicalDOC SQL Injection Vulnerability
LogicalDOC is a document management system developed using Java technology by the United States company LogicalDOC. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC that stems from the document history feature...
LogicalDOC Code Injection Vulnerability
LogicalDOC is a document management system developed using Java technology by the United States company LogicalDOC. The system has features such as Lucene full-text search indexing and automatic import. A security vulnerability exists in LogicalDOC, which stems from an automated scripting...
LogicalDOC Security Vulnerability
LogicalDOC is a document management system developed using Java technology by LogicalDOC, Inc. in the United States. The system has features such as Lucene full-text search indexing and automatic import. LogicalDOC has a security vulnerability that stems from an API endpoint flaw that could allow...
CVE-2020-13542
A local privilege elevation vulnerability exists in the file system permissions of the LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both of which get executed by a service, thus executing...
Unpatched Security Flaws Disclosed in Multiple Document Management Systems
Multiple unpatched security flaws have been disclosed in open source and freemium document management system (DMS) offerings from four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "an attacker can convinc...
CVE-2022-47418
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments...
Cross site scripting
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments...
CVE-2022-47416
LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system...
CVE-2022-47415
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies)...
CVE-2022-47417
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name...