CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2022-44938
https://notcve.org/view.php?id=CVE-2022-44938
08 Dec 2022 — Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. La generación débil de tokens de reinicio en SeedDMS v6.0.20 y v5.1.7 permite a los atacantes ejecutar una apropiación completa de la cuenta mediante un ataque de fuerza bruta. • https://pwnit.io/2022/11/23/weak-password-reset-token-leads-to-account-takeover-in-seeddms •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2020-23048
https://notcve.org/view.php?id=CVE-2020-23048
22 Oct 2021 — SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. SeedDMS Content Management System versión v6.0.7, contiene una vulnerabilidad de tipo cross-site scripting (XSS) persistente en el componente AddEvent.php por medio de los parámetros name y comment • https://www.vulnerability-lab.com/get_content.php?id=2209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1CVE-2021-36543
https://notcve.org/view.php?id=CVE-2021-36543
03 Aug 2021 — Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote attacker to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el archivo /op/op.UnlockDocument.php en SeedDMS versiones v5.1.x anteriores a 5.1.23 y versiones v6.0.x anteriores a 6.0.16, permite a un atacante remoto desbloquear cualquier doc... • https://cyberdivision.medium.com/cve-2021-36543-9622f50c6dc • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36542
https://notcve.org/view.php?id=CVE-2021-36542
03 Aug 2021 — Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x <6.0.16 allows a remote attacker to lock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el archivo /op/op.LockDocument.php en SeedDMS versiones v5.1.x anteriores a 5.1.23 y versiones v6.0.x anteriores a 6.0.16, permite a un atacante remoto bloquear cualquier documento sin... • https://medium.com/%40cyberdivision/cve-2021-36542-a07585497eb8 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35343
https://notcve.org/view.php?id=CVE-2021-35343
03 Aug 2021 — Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en el archivo /op/op.Ajax.php en SeedDMS versiones v5.1.x anteriores a 5.1.23 y versiones v6.0.x anteriores a 6.0.16, permite a un atacante remoto editar el nombre de un documento sin el conocimi... • https://medium.com/%40cyberdivision/cve-2021-35343-c5c298cbb2d4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-26216
https://notcve.org/view.php?id=CVE-2021-26216
18 Mar 2021 — SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. SeedDMS versión 5.1.x, está afectado por un ataque de tipo cross-site request forgery (CSRF) en el archivo out.EditFolder.php • http://seeddms.com • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-26215
https://notcve.org/view.php?id=CVE-2021-26215
18 Mar 2021 — SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. SeedDMS versión 5.1.x, está afectado por un ataque de tipo cross-site request forgery (CSRF) en el archivo out.EditDocument.php • http://seeddms.com • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12932
https://notcve.org/view.php?id=CVE-2019-12932
28 Jun 2019 — A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php. Se ha encontrado una vulnerabilidad de Cross-Site Scripting (XSS) en SeedDMS versión 5.1.11 debido a que el resultado búsqueda no se ha realizado correctamente en el formulario de búsqueda de autocompletado ubicado en el encabezado de out / out.Viewfolder.php. • https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-12801 – SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-12801
17 Jun 2019 — out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name. out / out.GroupMgr.php en SeedDMS 5.1.11 ha almacenado XSS al crear un nuevo grupo con una carga útil de JavaScript como el nombre "GRUPO". SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.GroupMgr.php. • https://www.exploit-db.com/exploits/47024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •