Lucene search
K
Letodms ProjectLetodms

4 matches found

CVE
CVE
added 2017/10/23 6:0 p.m.58 views

CVE-2012-4567

LetoDMS (formerly MyDMS) before 3.3.8 contains multiple XSS vulnerabilities reachable via parameters in inc/inc.ClassUI.php and out/out.DocumentNotify.php. The issue, confirmed across CVE-2012-4567 entries, allows remote attackers to inject arbitrary scripts/HTML (no exploit details provided). Af...

6.1CVSS6AI score0.01153EPSS
CVE
CVE
added 2017/10/23 6:0 p.m.43 views

CVE-2012-4569

CVE-2012-4569 affects LetoDMS (formerly MyDMS) before 3.3.9. The vulnerability is in out/out.UsrMgr.php and permits remote XSS via unspecified vectors, allowing injection of arbitrary web script/HTML. Affected software/function: LetoDMS web interface; vulnerable component/file: out/out.UsrMgr.php...

6.1CVSS5.9AI score0.01313EPSS
CVE
CVE
added 2017/10/23 6:0 p.m.42 views

CVE-2012-4568

The vulnerability CVE-2012-4568 affects LetoDMS (formerly MyDMS) prior to version 3.3.8. Multiple cross-site request forgery (CSRF) flaws allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The root cause is CSRF in the web application’s handling of aut...

8.8CVSS8.9AI score0.01003EPSS
CVE
CVE
added 2017/10/23 6:0 p.m.40 views

CVE-2012-4570

Summary: CVE-2012-4570 affects LetoDMS (formerly MyDMS) up to version 3.3.7, due to an SQL injection in LetoDMS_Core/Core/inc.ClassDMS.php that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. What’s affected: LetoDMS (PHP+MySQL) deployments prior to 3.3.8. Root ...

9.8CVSS9.8AI score0.01863EPSS