Vulnerabilities > Seeddms

DATE CVE VULNERABILITY TITLE RISK
2023-07-24 CVE-2021-39421 Cross-site Scripting vulnerability in Seeddms 6.0.15
A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
seeddms CWE-79
6.1
2023-07-20 CVE-2021-39425 Open Redirect vulnerability in Seeddms 6.0.15
SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability.
network
low complexity
seeddms CWE-601
6.1
2023-06-07 CVE-2021-33223 Authorization Bypass Through User-Controlled Key vulnerability in Seeddms 6.0.15
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file.
network
low complexity
seeddms CWE-639
8.8
2022-12-08 CVE-2022-44938 Unspecified vulnerability in Seeddms 5.1.7/6.0.20
Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack.
network
low complexity
seeddms
critical
9.8
2022-06-06 CVE-2022-28051 Cross-site Scripting vulnerability in Seeddms 5.1.25/6.0.18
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
network
low complexity
seeddms CWE-79
5.4
2022-06-06 CVE-2022-28478 Path Traversal vulnerability in Seeddms 5.1.24/6.0.17
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal.
network
low complexity
seeddms CWE-22
6.5
2022-06-06 CVE-2022-28479 Cross-site Scripting vulnerability in Seeddms 5.1.25/6.0.18
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS.
network
low complexity
seeddms CWE-79
4.8
2022-02-04 CVE-2021-45408 Open Redirect vulnerability in Seeddms 6.0.15
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter.
network
low complexity
seeddms CWE-601
6.1
2021-10-22 CVE-2020-23048 Cross-site Scripting vulnerability in Seeddms
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
network
low complexity
seeddms CWE-79
6.1
2021-08-03 CVE-2021-35343 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network
low complexity
seeddms CWE-352
4.3