Document Management System
Monthly
Document Management System versions up to 600 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
Unauthenticated attackers can manipulate unvalidated URL parameters in S4core, Document Management System, and ERP applications to redirect users to malicious websites, potentially compromising user credentials or distributing malware. The vulnerability requires user interaction to exploit and has limited impact on confidentiality and integrity, with no availability impact. No patch is currently available.
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unrestricted file upload in code-projects Document Management System 1.0 via the /insert.php endpoint allows authenticated remote attackers to upload arbitrary files by manipulating the uploaded_file parameter, potentially enabling remote code execution or data exfiltration. Publicly available exploit code exists, though EPSS score of 0.06% suggests limited real-world exploitation likelihood due to low attack impact and authenticated access requirement.
Document Management System versions up to 600 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1).
Unauthenticated attackers can manipulate unvalidated URL parameters in S4core, Document Management System, and ERP applications to redirect users to malicious websites, potentially compromising user credentials or distributing malware. The vulnerability requires user interaction to exploit and has limited impact on confidentiality and integrity, with no availability impact. No patch is currently available.
code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by entering malicious XSS code in the Company field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Unrestricted file upload in code-projects Document Management System 1.0 via the /insert.php endpoint allows authenticated remote attackers to upload arbitrary files by manipulating the uploaded_file parameter, potentially enabling remote code execution or data exfiltration. Publicly available exploit code exists, though EPSS score of 0.06% suggests limited real-world exploitation likelihood due to low attack impact and authenticated access requirement.