LogicalDOC
cpe:2.3:a:logicaldoc:logicaldoc:*:*:*:*:*:*:*
- 8.9.3
A reflected cross-site scripting vulnerability has been identified in LogicalDOC Enterprise Edition, specifically within JSP files that control the application's appearance. This vulnerability allows an unauthenticated attacker to trick a user into clicking a crafted link, potentially leading to unauthorized actions being performed on the user's behalf. While the vulnerability does not allow for session cookie theft due to cookie security flags, it could be exploited to manipulate a victim into making on-site requests without their knowledge.
Exploitation of this vulnerability could result in a user unknowingly performing actions on the site, potentially leading to further exploitation or manipulation within the application.