SeedDMS Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in SeedDMS version 6.0.32. An attacker can inject malicious JavaScript by giving a document or folder a name that contains an XSS payload. Once the document or folder is added to the clipboard, the injected script can be executed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, create a folder or document named with a script tag containing JavaScript, such as a JavaScript alert. After creating the folder or document, add it to the clipboard. The XSS payload will be executed when the folder name is clicked or the page is refreshed.

Remediation

Users can upgrade to SeedDMS version 6.0.33 to address this vulnerability.
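
As an added illustration (not SeedDMS code and not part of the original advisory), the Python sketch below shows the general pattern behind this class of bug, a stored name concatenated into clipboard markup, next to the output-encoded form, together with a helper that flags already-stored names containing HTML tag syntax. The function names, the markup and the sample rows are constructed assumptions.

```python
import html
import re

# "<" followed by an optional "/" and a letter or "!" marks tag syntax in a name.
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z!]")


def render_entry_unescaped(name: str) -> str:
    """Bug pattern: the stored name is concatenated into the clipboard markup."""
    return '<li class="clipboard-item">' + name + "</li>"


def render_entry_escaped(name: str) -> str:
    """Hardened pattern: HTML-encode the name at output time."""
    return '<li class="clipboard-item">' + html.escape(name, quote=True) + "</li>"


def audit_names(rows):
    """Return the (kind, id, name) rows whose name contains HTML tag syntax."""
    return [row for row in rows if TAG_RE.search(row[2])]


# Constructed sample data standing in for an export of folder/document names.
SAMPLE_ROWS = [
    ("folder", 12, "Contracts 2025"),
    ("document", 40, "Budget < 5k"),
    ("folder", 13, "<script>alert(1)</script>"),
    ("document", 41, "R&D budget"),
]

if __name__ == "__main__":
    for kind, item_id, name in audit_names(SAMPLE_ROWS):
        print(f"review {kind} {item_id}: {name!r}")
        print("  unescaped:", render_entry_unescaped(name))
        print("  escaped:  ", render_entry_escaped(name))
```

Names flagged by the audit are candidates for manual review; a bare "<" in an ordinary name is not flagged.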

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 1.7
exploitability: 7.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.