Vulnerabilities > Seeddms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-24 CVE-2021-39421 Cross-site Scripting vulnerability in Seeddms 6.0.15
A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
low complexity
seeddms CWE-79
6.1
6.1
2023-07-20 CVE-2021-39425 Open Redirect vulnerability in Seeddms 6.0.15
SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability.
network
low complexity
seeddms CWE-601
6.1
6.1
2022-06-06 CVE-2022-28478 Path Traversal vulnerability in Seeddms 5.1.24/6.0.17
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal.
network
low complexity
seeddms CWE-22
5.5
5.5
2022-02-04 CVE-2021-45408 Open Redirect vulnerability in Seeddms 6.0.15
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter.
network
seeddms CWE-601
5.8
5.8
2021-10-22 CVE-2020-23048 Cross-site Scripting vulnerability in Seeddms
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
network
seeddms CWE-79
4.3
4.3
2021-08-03 CVE-2021-35343 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network
low complexity
seeddms CWE-352
4.3
4.3
2021-08-03 CVE-2021-36542 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network
low complexity
seeddms CWE-352
4.3
4.3
2021-08-03 CVE-2021-36543 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
network
seeddms CWE-352
4.3
4.3
2021-03-18 CVE-2021-26216 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
network
seeddms CWE-352
4.3
4.3
2021-03-18 CVE-2021-26215 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
network
seeddms CWE-352
4.3
4.3