Vulnerabilities > Seeddms > Medium

DATE CVE VULNERABILITY TITLE RISK

2021-03-18 CVE-2021-26216 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
network | low complexity | seeddms CWE-352 | 4.3

2021-03-18 CVE-2021-26215 Cross-Site Request Forgery (CSRF) vulnerability in Seeddms
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
network | low complexity | seeddms CWE-352 | 4.3

2020-12-07 CVE-2020-28727 Cross-site Scripting vulnerability in Seeddms 6.0.13
Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.
network | low complexity | seeddms CWE-79 | 6.1

2020-11-24 CVE-2020-28726 Open Redirect vulnerability in Seeddms 6.0.13
Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.
network | low complexity | seeddms CWE-601 | 6.1

2019-06-28 CVE-2019-12932 Cross-site Scripting vulnerability in Seeddms 5.1.11
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.
network | low complexity | seeddms CWE-79 | 6.1

2019-06-20 CVE-2019-12745 Cross-site Scripting vulnerability in Seeddms
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
network | low complexity | seeddms CWE-79 | 5.4

2019-06-17 CVE-2019-12801 Cross-site Scripting vulnerability in Seeddms 5.1.11
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
network | low complexity | seeddms CWE-79 | 6.1

2018-07-31 CVE-2018-12944 Cross-site Scripting vulnerability in Seeddms
Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field.
network | low complexity | seeddms CWE-79 | 6.1

2018-07-31 CVE-2018-12943 Cross-site Scripting vulnerability in Seeddms
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
network | low complexity | seeddms CWE-79 | 6.1

2018-07-31 CVE-2018-12939 Path Traversal vulnerability in Seeddms
A directory traversal flaw in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows an authenticated attacker to write to (or potentially delete) arbitrary files via a ..
network | low complexity | seeddms CWE-22 | 6.5