2 matches found
CVE-2021-35343
Cross-Site Request Forgery CSRF vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x5.1.23 and v6.0.x6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page...
CVE-2021-35343
CVE-2021-35343 is a CSRF vulnerability in SeedDMS. Affected versions are SeedDMS v5.1.x before 5.1.23 and v6.0.x before 6.0.16, where the issue resides in the /op/op.Ajax.php endpoint. An authenticated user who visits a malicious page can have their session used to edit a document’s name without ...