4.3
CVSSv2

CVE-2019-12801

Published: 17/06/2019 Updated: 24/06/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.

Vulnerability Trend

Affected Products

Vendor Product Versions
SeeddmsSeeddms5.1.11

Exploits

# Exploit Title: [Persistent Cross-Site Scripting or Stored XSS in out/outGroupMgrphp in SeedDMS before 5111] # Google Dork: [NA] # Date: [17-June-2019] # Exploit Author: [Nimit Jain](wwwlinkedincom/in/nimitiitk)(secfolksblogspotcom) # Vendor Homepage: [wwwseeddmsorg] # Software Link: [sourceforgenet/proje ...

Mailing Lists

SeedDMS versions prior to 5111 suffers from persistent cross site scripting vulnerability in outGroupMgrphp ...