CVE
Description
SeedDMS versions 6.0.18 and 5.1.25 are prone to stored XSS. It is possible to inject javascript code inside the "Role management" menu, inside the name field, and then trigger the payload by loading the "Users management" menu
POC
Injecting the payload
Triggering the payload
Remediation
Sanitize user input using "htmlspecialchars" php function
Reference
https://sourceforge.net/p/seeddms/code/ci/9e92524fdbd1e7c3e6771d669f140c62389ec375/
Timeline
- [28/03/2022] Vulnerability evidence sent to the vendor
- [28/03/2022] Vulnerability confirmed by the vendor
- [28/03/2022] Vulnerability fixed by the vendor
Notes
Thanks to the main developer of SeedDMS, Uwe Steinmann, that immediately acknowledged the vulnerability and fixed it.

