Unpatched Security Flaws Disclosed in Multiple Document Management Systems
Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM. Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which "An attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization."
The list of eight cross-site scripting flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows:
- CVE-2022-47412 - ONLYOFFICE Workspace Search Stored XSS
- CVE-2022-47413 and CVE-2022-47414 - OpenKM Document and Application XSS
- CVE-2022-47415, CVE-2022-47416, CVE-2022-47417, and CVE-2022-47418 - LogicalDOC Multiple Stored XSS
- CVE-2022-47419 - Mayan EDMS Tag Stored XSS

Stored XSS, also known as persistent XSS, occurs when a malicious script is injected directly into a vulnerable web application, causing the rogue code to be activated upon each visit to the application.
A threat actor can exploit the aforementioned flaws by providing a decoy document, granting the interloper the ability to further their control over the compromised network.
In an alternative scenario, the attacker could abuse the identity of the victim to inject arbitrary commands and gain stealthy access to the stored documents.
Users of the affected DMS are advised to proceed with caution when importing documents from unknown or untrusted sources, to limit the creation of anonymous, untrusted users, and to restrict certain features such as chats and tagging to known users.
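From the defender's side, the stored-XSS pattern described above comes down to stored text being written into a page without output encoding. The following is an added example, not code from the article, Rapid7, or any of the vendors: it contrasts the unsafe and encoded rendering of a stored value and runs a heuristic audit over the kinds of fields the CVE entries name (file name, version comment, tag, note, messages). The field names and sample records are assumptions constructed for illustration.

```python
import html
import re

# Stored fields of the kind the advisories on this page name as XSS sinks.
# These key names are assumptions for this example, not any vendor's schema.
RISKY_FIELDS = ("file_name", "version_comment", "tag", "note",
                "message_subject", "message_body")

# Heuristic: an opening/closing tag or a javascript: URL in a plain-text field.
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]|javascript:", re.IGNORECASE)


def render_unsafe(value: str) -> str:
    """The vulnerable pattern: stored text concatenated straight into HTML."""
    return '<span class="tag">' + value + "</span>"


def render_safe(value: str) -> str:
    """The fix: HTML-encode on output so stored markup is shown, not executed."""
    return '<span class="tag">' + html.escape(value, quote=True) + "</span>"


def audit(records):
    """Return (record id, field) pairs whose stored value contains markup."""
    findings = []
    for rec in records:
        for field in RISKY_FIELDS:
            value = rec.get(field)
            if isinstance(value, str) and MARKUP.search(value):
                findings.append((rec["id"], field))
    return findings


# Constructed sample records (not taken from any real system).
SAMPLE = [
    {"id": 1, "file_name": "Q3-report.pdf", "tag": "finance"},
    {"id": 2, "file_name": "invoice.pdf", "tag": "<script>alert(1)</script>"},
    {"id": 3, "file_name": "<img src=x onerror=alert(1)>.docx",
     "version_comment": "v2 & final"},
]

if __name__ == "__main__":
    for rec_id, field in audit(SAMPLE):
        print(f"record {rec_id}: markup in stored field '{field}'")
    print(render_safe(SAMPLE[1]["tag"]))
```

The audit is a triage aid for already-stored data; encoding at render time, as in `render_safe`, is what actually closes the sink.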
News URL
https://thehackernews.com/2023/02/unpatched-security-flaws-disclosed-in.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-07 | CVE-2022-47418 | Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. | 5.4 |
2023-02-07 | CVE-2022-47419 | Cross-site Scripting vulnerability in Mayan-Edms Mayan Edms 4.3.3 An XSS vulnerability was discovered in the Mayan EDMS DMS. | 5.4 |
2023-02-07 | CVE-2022-47417 | Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. | 5.4 |
2023-02-07 | CVE-2022-47416 | Cross-site Scripting vulnerability in Logicaldoc 8.8.2 LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. | 5.4 |
2023-02-07 | CVE-2022-47415 | Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). | 5.4 |
2023-02-07 | CVE-2022-47414 | Cross-site Scripting vulnerability in Openkm 6.3.12 If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. | 5.4 |
2023-02-07 | CVE-2022-47413 | Cross-site Scripting vulnerability in Openkm 6.3.12 Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. | 5.4 |
2023-02-07 | CVE-2022-47412 | Cross-site Scripting vulnerability in Onlyoffice Workspace Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition. | 5.4 |