CVE-2022-28051 Information

Description

The \Add category\ functionality inside the \Global Keywords\ menu in \SeedDMS\ version 6.0.18 and 5.1.25 is prone to stored XSS which allows an attacker to inject malicious javascript code.

Reference

https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/blob/main/CVE-2022-28051/README.md https://sourceforge.net/p/seeddms/code/ci/6fc17be5d95e8f00fbe5c124c4acd377fa2ce69d/ https://github.com/looCiprian/Responsible-Vulnerability-Disclosure/tree/main/CVE-2022-28051