out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
References
Link | Resource |
---|---|
https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG | Release Notes Third Party Advisory |
http://packetstormsecurity.com/files/153384/SeedDMS-out.GroupMgr.php-Cross-Site-Scripting.html |
Configurations
Information
Published : 2019-06-17 11:15
Updated : 2019-06-24 16:15
NVD link : CVE-2019-12801
Mitre link : CVE-2019-12801
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
seeddms
- seeddms