OpenDocMan has multiple vulnerabilities

OpenDocMan is OpenDocMan project team developed an open source Web-based PHP document management system DMS. HTML injection and cross-site scripting vulnerabilities exist in OpenDocMan, which can be exploited by attackers to execute arbitrary script code, steal cookie-based authentication or...

Opendocman Cross-Site Request Forgery Vulnerability (CNVD-2016-03274)

OpenDocMan is a versatile Web-based document management system DMS written in PHP and designed to follow the ISO 17025/IEC standard. A cross-site request forgery vulnerability exists in OpenDocMan. Since the program allows users to perform certain actions via unauthenticated HTTP requests, an...

OpenDocMan 1.3.4 - Cross-Site Request Forgery

Exploit for php platform in category web applications 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor:...

OpenDocMan 1.3.4 - Cross-Site Request Forgery

OpenDocMan 1.3.4 - Cross-Site Request Forgery Security Advisory - Curesec Research Team 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: CSRF Remote...

OpenDocMan 1.3.4 - Cross-Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/21/2015...

Opendocman 1.3.4 Cross Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 11/21/2015...

Opendocman 1.3.4 HTML Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Opendocman 1.3.4 Fixed in: 1.3.5 Fixed Version Link: http://www.opendocman.com/free-download/ Vendor Website: http://www.opendocman.com/ Vulnerability Type: HTML Injection Remote Exploitable: Yes Reported to vendor:...

OpenDocMan Cross-Site Scripting Vulnerability

OpenDocMan is OpenDocMan project team developed an open source Web-based PHP document management system DMS. The system is mainly used for centralized management of documents , and has easy to install , use , scalable and so on. OpenDocMan versions before 1.3.4 cross-site scripting vulnerabilitie...

CVE-2015-5625

Cross-site scripting XSS vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter...

CVE-2015-5625

Cross-site scripting XSS vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter...

CVE-2015-5625

OpenDocMan before 1.3.4 is affected by a cross-site scripting (XSS) vulnerability due to a processing flaw in the redirection parameter. The affected product is the OpenDocMan document management system (PHP-based). Root cause: unsafe handling of the redirection parameter enables arbitrary web-sc...

OpenDocMan vulnerable to cross-site scripting

Overview OpenDocMan is a document management system DMS. OpenDocMan contains a cross-site scripting vulnerability due to a processing flaw in the "redirection" parameter. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

OpenDocMan 1.3.2 Cross Site Scripting

Title: OpenDocMan 1.3.2 - Cross Site Scripting Reflected Disclosed: 9/2/15 Vendor Patched: Patched in version 1.3.3 Published: 9/2/15 Credit: Matt Landers - [email protected] Original Advisory: http://mjltech.net/adv/MJLTECH%20-%20OpenDocMan%201.3.2%20XSS.txt...

JVN#00015036: OpenDocMan vulnerable to cross-site scripting

OpenDocMan is a document management system DMS. OpenDocMan contains a cross-site scripting vulnerability due to a processing flaw in the "redirection" parameter. Impact An arbitrary script may be executed on the user's Mozilla Firefox. Solution Update the software Update to the latest version...

CVE-2014-4853

Cross-site scripting XSS vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file...

Cross site scripting

Cross-site scripting XSS vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file...

CVE-2014-4853

Cross-site scripting XSS vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file...

CVE-2014-4853

CVE-2014-4853 is a reported cross-site scripting (XSS) flaw in OpenDocMan’s odm-init.php prior to version 1.2.7.3. The vulnerability allows remote authenticated users to inject arbitrary web script or HTML by supplying a specially crafted file name during upload. Public sources from NVD and CVE l...

OpenDocMan 1.2.7.2 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting Vulnerability leads to hijack the users session Date: 2 July 2014 Exploit Author: Madhu Akula Vendor Homepage: http://www.opendocman.com/ Version : 1.2.7.2 Severity: High Description : About Vulnerability : Stored attacks are those where the injected...