Skip to content
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

CVE

Description

SeedDMS versions 6.0.18 and 5.1.25 are prone to stored XSS. It is possible to inject javascript code inside the "Role management" menu, inside the name field, and then trigger the payload by loading the "Users management" menu

POC

Injecting the payload

Triggering the payload

Remediation

Sanitize user input using "htmlspecialchars" php function

Reference

https://sourceforge.net/p/seeddms/code/ci/9e92524fdbd1e7c3e6771d669f140c62389ec375/

Timeline

  • [28/03/2022] Vulnerability evidence sent to the vendor
  • [28/03/2022] Vulnerability confirmed by the vendor
  • [28/03/2022] Vulnerability fixed by the vendor

Notes

Thanks to the main developer of SeedDMS, Uwe Steinmann, that immediately acknowledged the vulnerability and fixed it.