CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000023
https://notcve.org/view.php?id=CVE-2017-1000023
13 Jul 2017 — LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. LogicalDoc Community Edition versión 7.5.3 y anteriores son vulnerables a un Cross-Site Scripting (XSS) cuando se usa la vista previa en un documento HTML. • http://blog.randorisec.fr/logicaldoc-from-guest-to-root • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000022
https://notcve.org/view.php?id=CVE-2017-1000022
13 Jul 2017 — LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. LogicalDoc Community Edition versión 7.5.3 y anteriores contienen un control de acceso incorrecto que podría conllevar a una escalada de privilegios. • http://blog.randorisec.fr/logicaldoc-from-guest-to-root • CWE-732: Incorrect Permission Assignment for Critical Resource •