4 matches found
CVE-2014-2280
Cross-site scripting XSS vulnerability in the search feature in SeedDMS formerly LetoDMS and MyDMS before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter...
CVE-2014-2280
SeedDMS (formerly LetoDMS/MyDMS) before version 4.3.4 is affected by a reflected XSS in the search feature. The vulnerability arises from the query parameter used by the search, allowing attackers to inject arbitrary scripts/HTML that are returned without proper validation or sanitization. Public...
SeedDMS XSS / Traversal / Shell Upload Vulnerabilities
SeedDMS versions prior to 4.3.4 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities. Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document...
SeedDMS XSS / Traversal / Shell Upload
Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document Management System. http://www.seeddms.org/index.php?id=2 ============ SeedDMS Unprivileged User Remote Code Execution...