Vulnerabilities > Logicaldoc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-07 | CVE-2022-47418 | Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. | 5.4 |
| 2023-02-07 | CVE-2022-47415 | Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). | 5.4 |
| 2023-02-07 | CVE-2022-47416 | Cross-site Scripting vulnerability in Logicaldoc 8.8.2 LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. | 5.4 |
| 2023-02-07 | CVE-2022-47417 | Cross-site Scripting vulnerability in Logicaldoc 8.7.3/8.8.2 LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. | 5.4 |
| 2020-12-03 | CVE-2020-13542 | Incorrect Default Permissions vulnerability in Logicaldoc 8.5.1 A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. | 7.2 |
| 2020-04-08 | CVE-2020-10366 | Path Traversal vulnerability in Logicaldoc LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365. | 5.0 |
| 2020-03-18 | CVE-2020-9423 | Unrestricted Upload of File with Dangerous Type vulnerability in Logicaldoc LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. | 10.0 |
| 2020-03-18 | CVE-2020-10365 | SQL Injection vulnerability in Logicaldoc LogicalDoc before 8.3.3 allows SQL Injection. | 4.0 |
| 2019-05-30 | CVE-2019-9723 | Path Traversal vulnerability in Logicaldoc 8.0/8.1/8.1.1 LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry. | 5.5 |
| 2017-07-17 | CVE-2017-1000023 | Cross-site Scripting vulnerability in Logicaldoc LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. | 3.5 |