4 matches found
CVE-2012-4567
LetoDMS (formerly MyDMS) before 3.3.8 contains multiple XSS vulnerabilities reachable via parameters in inc/inc.ClassUI.php and out/out.DocumentNotify.php. The issue, confirmed across CVE-2012-4567 entries, allows remote attackers to inject arbitrary scripts/HTML (no exploit details provided). Af...
CVE-2012-4569
CVE-2012-4569 affects LetoDMS (formerly MyDMS) before 3.3.9. The vulnerability is in out/out.UsrMgr.php and permits remote XSS via unspecified vectors, allowing injection of arbitrary web script/HTML. Affected software/function: LetoDMS web interface; vulnerable component/file: out/out.UsrMgr.php...
CVE-2012-4568
The vulnerability CVE-2012-4568 affects LetoDMS (formerly MyDMS) prior to version 3.3.8. Multiple cross-site request forgery (CSRF) flaws allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The root cause is CSRF in the web application’s handling of aut...
CVE-2012-4570
Summary: CVE-2012-4570 affects LetoDMS (formerly MyDMS) up to version 3.3.7, due to an SQL injection in LetoDMS_Core/Core/inc.ClassDMS.php that allows remote attackers to execute arbitrary SQL commands via unspecified vectors. What’s affected: LetoDMS (PHP+MySQL) deployments prior to 3.3.8. Root ...