Publish date: 24 July 2018
Identifier: CVE-2018-12944
Manufacturer: SeedDMS
Product: SeedDMS
Patched: Patched on 2nd July 2018 in version 5.1.8. See https://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG.
Authors: Dennis Herrmann and Malte Poll
Description: Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject persistent arbitrary web script or HTML via the name field.