Vulnerabilities > Seeddms > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-12-07 | CVE-2020-28727 | Cross-site Scripting vulnerability in Seeddms 6.0.13 | Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php. | 4.3 |
2020-11-24 | CVE-2020-28726 | Open Redirect vulnerability in Seeddms 6.0.13 | Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php. | 5.8 |
2019-06-28 | CVE-2019-12932 | Cross-site Scripting vulnerability in Seeddms 5.1.11 | A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. | 4.3 |
2019-06-20 | CVE-2019-12744 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms | SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. | 6.0 |
2019-06-17 | CVE-2019-12801 | Cross-site Scripting vulnerability in Seeddms 5.1.11 | out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. | 4.3 |
2018-07-31 | CVE-2018-12944 | Cross-site Scripting vulnerability in Seeddms | Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. | 4.3 |
2018-07-31 | CVE-2018-12943 | Cross-site Scripting vulnerability in Seeddms | Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
2018-07-31 | CVE-2018-12940 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms | Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. | 6.5 |
2018-07-31 | CVE-2018-12939 | Path Traversal vulnerability in Seeddms | A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a .. | 5.5 |
2014-10-17 | CVE-2014-2279 | Path Traversal vulnerability in Seeddms | Multiple directory traversal vulnerabilities in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allow (1) remote authenticated users with access to the LogManagement functionality to read arbitrary files via a .. | 6.4 |