Publish date
24 July 2018
Identifier
CVE-2018-12943
Manufacturer
SeedDMS
Product
SeedDMS
Patched
Patched on 2nd July 2018 in version 5.1.8.
See https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG.
Authors
Dennis Herrmann and Malte Poll
Description
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the "action" parameter.