CVE-2022-44938
https://notcve.org/view.php?id=CVE-2022-44938
08 Dec 2022 — Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. • https://pwnit.io/2022/11/23/weak-password-reset-token-leads-to-account-takeover-in-seeddms
CVE-2020-23048
https://notcve.org/view.php?id=CVE-2020-23048
22 Oct 2021 — SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. • https://www.vulnerability-lab.com/get_content.php?id=2209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-36543
https://notcve.org/view.php?id=CVE-2021-36543
03 Aug 2021 — Cross-Site Request Forgery (CSRF) vulnerability in /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page. • https://cyberdivision.medium.com/cve-2021-36543-9622f50c6dc • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-36542
https://notcve.org/view.php?id=CVE-2021-36542
03 Aug 2021 — Cross-Site Request Forgery (CSRF) vulnerability in /op/op.LockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page. • https://medium.com/%40cyberdivision/cve-2021-36542-a07585497eb8 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-35343
https://notcve.org/view.php?id=CVE-2021-35343
03 Aug 2021 — Cross-Site Request Forgery (CSRF) vulnerability in /op/op.Ajax.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to edit a document name without the victim's knowledge, by enticing an authenticated user to visit an attacker's web page. • https://medium.com/%40cyberdivision/cve-2021-35343-c5c298cbb2d4 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-26216
https://notcve.org/view.php?id=CVE-2021-26216
18 Mar 2021 — SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. • http://seeddms.com • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-26215
https://notcve.org/view.php?id=CVE-2021-26215
18 Mar 2021 — SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. • http://seeddms.com • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-12745 – SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12745
20 Jun 2019 — out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field. SeedDMS versions prior to 5.1.11 suffer from a persistent cross-site scripting vulnerability in out.UsrMgr.php. • https://www.exploit-db.com/exploits/47023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12744 – Seeddms 5.1.10 - Remote Command Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2019-12744
20 Jun 2019 — SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940. SeedDMS versions prior to 5.1.11 suffer from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/50062 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-12943
https://notcve.org/view.php?id=CVE-2018-12943
31 Jul 2018 — Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter. • https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')