CVE-2025-11946

Medium CVSS: 5.1

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Logicaldoc

Product

Logicaldoc

CWE

CWE-79

Yayın Tarihi

2025-10-19 22:15:36

Güncelleme

2025-11-07 01:25:30

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Logicaldoc MEDIUM Logicaldoc 2025

Referanslar

https://gist.github.com/thezeekhan/231d87163fbb84f94c9c94f13b88db90 https://gist.github.com/thezeekhan/231d87163fbb84f94c9c94f13b88db90#steps-to-reproduce https://vuldb.com/?ctiid.329026 https://vuldb.com/?id.329026 https://vuldb.com/?submit.671389

Benzer Kayıtlar

High

CVE-2019-25258

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers t…

Medium

CVE-2025-12546

A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the componen…

Medium

CVE-2025-12547

A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of t…

High

CVE-2024-54448

The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying…

High

CVE-2024-54449

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticat…

Medium

CVE-2024-12020

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthentica…