Products
SeedDMS
- 6.0.28
Source
cve@mitre.org
Tags
CVE-2024-46409 details
Published : Oct. 4, 2024, 5:15 p.m.
Last Modified : Oct. 4, 2024, 5:15 p.m.
Last Modified : Oct. 4, 2024, 5:15 p.m.
Description
A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar page.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://demo6.seeddms.org/out/out.LogManagement.php?logname=20240831.log | cve@mitre.org |
| https://packetstormsecurity.com/files/181974/SeedDMS-6.0.28-Cross-Site-Scripting.html | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.