Logicaldoc Logicaldoc Enterprise

12 CVEs affecting Logicaldoc Logicaldoc Enterprise. Latest disclosed: 2025-03-14. Critical: 0, High: 2.

Top CVEs affecting Logicaldoc Logicaldoc Enterprise
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-54449 | High | 8.8 | 2025-03-14 | The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with contro… |
| CVE-2024-54448 | High | 7.2 | 2025-03-14 | The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with admin… |
| CVE-2024-12020 | Medium | 6.1 | 2025-03-14 | There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into… |
| CVE-2022-47418 | Medium | 5.4 | 2023-02-07 | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document ver… |
| CVE-2022-47417 | Medium | 5.4 | 2023-02-07 | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document fil… |
| CVE-2022-47416 | Medium | 5.4 | 2023-02-07 | LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. |
| CVE-2022-47415 | Medium | 5.4 | 2023-02-07 | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messa… |
| CVE-2024-54447 | | | 2025-03-14 | Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacke… |
| CVE-2024-54446 | | | 2025-03-14 | Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the att… |
| CVE-2024-54445 | | | 2025-03-14 | Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can… |
| CVE-2024-12245 | | | 2025-03-14 | Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker ca… |
| CVE-2024-12019 | | | 2025-03-14 | The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlyin… |