CVE-2014-2280 Information

Description

Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Reference

http://archives.neohapsis.com/archives/bugtraq/2014-03/0101.html http://packetstormsecurity.com/files/125726 http://secunia.com/advisories/57475 http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG https://exchange.xforce.ibmcloud.com/vulnerabilities/91830