According to Rapid7, numerous cross-site scripting (XSS) flaws in well-known document management system (DMS) products could give attackers access to private documents.
Users can manage the creation, distribution, and storage of documents with the aid of DMS solutions. They might also offer tools for teamwork and assistance with handling different file types. Eight XSS flaws were discovered in software from OnlyOffice, OpenKM, LogicalDOC, and Mayan. These flaws are all related to improper input neutralization during web page generation.
However, none of these problems have been settled. Rapid7 attempted to get in touch with the impacted vendors, but none of them responded.
Read More: Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.