A stored XSS vulnerability was found in SeedDMS 5.1.11 due to poorly escaping the search result in the autocomplete search form placed in the header of out/out.Viewfolder.php.
References
Link | Resource |
---|---|
https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG | Release Notes Third Party Advisory |
Configurations
Information
Published : 2019-06-28 11:15
Updated : 2019-07-03 10:09
NVD link : CVE-2019-12932
Mitre link : CVE-2019-12932
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
seeddms
- seeddms