Published: 20/03/2014 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) prior to 4.3.4 allows remote malicious users to inject arbitrary web script or HTML via the query parameter.

Affected Products

Vendor Product Versions
SeeddmsSeeddms3.3.12, 3.4.3, 4.2.2

Mailing Lists

SeedDMS versions prior to 434 suffer from cross site scripting, remote shell upload, and path traversal vulnerabilities ...