CVE-2021-26216
https://notcve.org/view.php?id=CVE-2021-26216
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. SeedDMS versión 5.1.x, está afectado por un ataque de tipo cross-site request forgery (CSRF) en el archivo out.EditFolder.php • http://seeddms.com https://tuhin1729.medium.com/cve-2021-26216-ffb33321dc91 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-26215
https://notcve.org/view.php?id=CVE-2021-26215
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. SeedDMS versión 5.1.x, está afectado por un ataque de tipo cross-site request forgery (CSRF) en el archivo out.EditDocument.php • http://seeddms.com https://tuhin1729.medium.com/cve-2021-26215-7ce6800be822 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2019-12932
https://notcve.org/view.php?id=CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) en SeedDMS versión 5.1.11 debido a que el resultado búsqueda no se ha realizado correctamente en el formulario de búsqueda de autocompletado ubicado en el encabezado de out / out.Viewfolder.php. • https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-12801 – SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12801
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. out / out.GroupMgr.php en SeedDMS 5.1.11 ha almacenado XSS al crear un nuevo grupo con una carga útil de JavaScript como el nombre "GRUPO". SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.GroupMgr.php. • https://www.exploit-db.com/exploits/47024 http://packetstormsecurity.com/files/153384/SeedDMS-out.GroupMgr.php-Cross-Site-Scripting.html https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •