2 matches found
CVE-2020-29456
Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...
CVE-2020-29456
Papermerge before 1.5.2 contains multiple XSS vulnerabilities allowing arbitrary script/HTML injection via the rename, tag, upload, or create folder features. The payload can reside in a folder, tag, or a document filename. If email consumption is configured, a malicious document can be sent by e...