Logicaldoc Logicaldoc Enterprise
12 CVEs affecting Logicaldoc Logicaldoc Enterprise. Latest disclosed: 2025-03-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-54449 | High | 8.8 | 2025-03-14 | The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with contro… |
| CVE-2024-54448 | High | 7.2 | 2025-03-14 | The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with admin… |
| CVE-2024-12020 | Medium | 6.1 | 2025-03-14 | There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into… |
| CVE-2022-47418 | Medium | 5.4 | 2023-02-07 | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document ver… |
| CVE-2022-47417 | Medium | 5.4 | 2023-02-07 | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document fil… |
| CVE-2022-47416 | Medium | 5.4 | 2023-02-07 | LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. |
| CVE-2022-47415 | Medium | 5.4 | 2023-02-07 | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messa… |
| CVE-2024-54447 | | | 2025-03-14 | Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacke… |
| CVE-2024-54446 | | | 2025-03-14 | Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the att… |
| CVE-2024-54445 | | | 2025-03-14 | Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can… |
| CVE-2024-12245 | | | 2025-03-14 | Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker ca… |
| CVE-2024-12019 | | | 2025-03-14 | The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlyin… |