2 matches found
CVE-2018-12943
SeedDMS before 5.1.8 contains a cross-site scripting (XSS) vulnerability via the action URL parameter on every page that includes it, allowing remote attackers to inject arbitrary script or HTML. The issue is described consistently across multiple sources (NVD/CNVD), with the affected version ran...
CVE-2018-12943
Cross-Site Scripting XSS vulnerability in every page that includes the "action" URL parameter in SeedDMS formerly LetoDMS and MyDMS before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter...