Vulnerabilities > Seeddms

DATE CVE VULNERABILITY TITLE RISK
2022-06-06 CVE-2022-28051 Cross-site Scripting vulnerability in Seeddms 5.1.25/6.0.18
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
network
seeddms CWE-79
3.5
2022-06-06 CVE-2022-28478 Path Traversal vulnerability in Seeddms 5.1.24/6.0.17
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal.
network
low complexity
seeddms CWE-22
5.5
2022-06-06 CVE-2022-28479 Cross-site Scripting vulnerability in Seeddms 5.1.25/6.0.18
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS.
network
seeddms CWE-79
3.5
2022-02-04 CVE-2021-45408 Open Redirect vulnerability in Seeddms 6.0.15
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter.
network
seeddms CWE-601
5.8
2021-10-22 CVE-2020-23048 Cross-site Scripting vulnerability in Seeddms
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
network
seeddms CWE-79
4.3
2021-08-03 CVE-2021-35343 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network
seeddms CWE-352
4.3
2021-08-03 CVE-2021-36542 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network
seeddms CWE-352
4.3
2021-08-03 CVE-2021-36543 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network
seeddms CWE-352
4.3
2021-03-18 CVE-2021-26216 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
network
seeddms CWE-352
4.3
2021-03-18 CVE-2021-26215 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
network
seeddms CWE-352
4.3