CVE-2022-28479

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
seeddmsseeddms
5.1.25
seeddmsseeddms
6.0.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28479
https://sourceforge.net/p/seeddms/code/ci/9e92524fdbd1e7c3e6771d669f140c62389ec375/
https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28479
https://sourceforge.net/p/seeddms/code/ci/9e92524fdbd1e7c3e6771d669f140c62389ec375/