Logicaldoc

Logicaldoc

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-25258

Exploit
  • EPSS 1.88%
  • Veröffentlicht 24.12.2025 19:28:06
  • Zuletzt bearbeitet 09.01.2026 20:50:45

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniq...

8.1

CVE-2025-12547

Exploit
  • EPSS 0.24%
  • Veröffentlicht 31.10.2025 18:32:08
  • Zuletzt bearbeitet 07.11.2025 01:36:29

A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication ...

5.4

CVE-2025-12546

Exploit
  • EPSS 0.05%
  • Veröffentlicht 31.10.2025 18:32:05
  • Zuletzt bearbeitet 07.11.2025 01:30:56

A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the component API Key creation UI. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit h...

5.4

CVE-2025-11946

Exploit
  • EPSS 0.05%
  • Veröffentlicht 19.10.2025 21:32:06
  • Zuletzt bearbeitet 07.11.2025 01:25:30

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Comp...

8.8

CVE-2024-54449

  • EPSS 0.49%
  • Veröffentlicht 14.03.2025 18:15:30
  • Zuletzt bearbeitet 07.11.2025 02:22:43

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to f...

6.1

CVE-2024-12020

  • EPSS 0.3%
  • Veröffentlicht 14.03.2025 18:15:27
  • Zuletzt bearbeitet 07.11.2025 02:19:49

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not po...

7.2

CVE-2024-54448

  • EPSS 0.26%
  • Veröffentlicht 14.03.2025 18:01:25
  • Zuletzt bearbeitet 07.11.2025 02:21:41

The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting ...

5.4

CVE-2022-47418

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.02.2023 23:15:08
  • Zuletzt bearbeitet 25.03.2025 15:15:17

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments.

5.4

CVE-2022-47416

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.02.2023 22:15:10
  • Zuletzt bearbeitet 25.03.2025 14:15:18

LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system.

5.4

CVE-2022-47417

Exploit
  • EPSS 0.26%
  • Veröffentlicht 07.02.2023 22:15:10
  • Zuletzt bearbeitet 25.03.2025 15:15:17

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.