The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.
CVE Status: Modified
Attribute | Value |
---|---|
Attack Complexity | LOW |
Attack Vector | NETWORK |
Availability Impact | NONE |
Base Score | 5.4 |
Base Severity | MEDIUM |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Privileges Required | LOW |
Scope | CHANGED |
User Interaction | REQUIRED |
Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Exploitability Score | 2.3 |
Impact Score | 2.7 |
Source | [email protected] |
Type | Primary |