Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
seeddms seeddms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-36543
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x <5.1.23 and v6.0.x <6.0.16 allows a remote malicious user to unlock any document without victim's knowledge, by enticing an authenticated user to visit an attacker's...
Seeddms Seeddms
Seeddms Seeddms 6.0.6
4.3
CVSSv2
CVE-2021-35343
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote malicious user to edit document name without victim's knowledge, by enticing an authenticated user to visit an attacker's web page.
Seeddms Seeddms
Seeddms Seeddms 6.0.6
4.3
CVSSv2
CVE-2021-26215
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
Seeddms Seeddms
4.3
CVSSv2
CVE-2021-26216
SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
Seeddms Seeddms
4.3
CVSSv2
CVE-2020-28727
Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/class.DropFolderChooser.php.
Seeddms Seeddms 6.0.13
5.8
CVSSv2
CVE-2020-28726
Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.
Seeddms Seeddms 6.0.13
4.3
CVSSv2
CVE-2019-12932
A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.
Seeddms Seeddms 5.1.11
6
CVSSv2
CVE-2019-12744
SeedDMS prior to 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
Seeddms Seeddms
1 EDB exploit
1 Github repository
3.5
CVSSv2
CVE-2019-12745
out/out.UsrMgr.php in SeedDMS prior to 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
Seeddms Seeddms
1 EDB exploit
4.3
CVSSv2
CVE-2019-12801
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
Seeddms Seeddms 5.1.11
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »