CVE-2025-12546

Medium CVSS: 5.1

A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the component API Key creation UI. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Logicaldoc

Product

Logicaldoc

CWE

CWE-79

Yayın Tarihi

2025-10-31 19:15:49

Güncelleme

2025-11-07 01:30:56

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Logicaldoc MEDIUM Logicaldoc 2025

Referanslar

https://gist.github.com/thezeekhan/fa0dcfda4f1f915c625d3f89f8ec0529 https://vuldb.com/?ctiid.330806 https://vuldb.com/?id.330806 https://vuldb.com/?submit.677170

Benzer Kayıtlar

High

CVE-2019-25258

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers t…

Medium

CVE-2025-12547

A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of t…

Medium

CVE-2025-11946

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown process…

High

CVE-2024-54448

The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying…

High

CVE-2024-54449

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticat…

Medium

CVE-2024-12020

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthentica…