CVE-2025-25461

Published: Feb 28, 2025

Modified: Feb 28, 2025

PUBLISHED

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this category, the payload is stored on the server and rendered without proper sanitization or output encoding. This results in the XSS payload executing in the browser of any user who views the document.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.seeddms.org/

https://github.com/RoNiXxCybSeC0101/CVE-2025-25461

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-25461

Description

Affected Products

References