4.3
CVSSv2

CVE-2018-12943

Published: 31/07/2018 Updated: 04/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) prior to 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Vulnerability Trend

Affected Products

Vendor Product Versions
SeeddmsSeeddms3.3.12, 3.4.3, 4.2.2, 4.3.3