Unpatched Security Flaws Disclosed in Multiple Document Management Systems

Feb 08, 2023 | Ravie Lakshmanan | Vulnerability Management

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM.

Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which “an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization.”

The list of eight cross-site scripting (XSS) flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows –

  • CVE-2022-47412 – ONLYOFFICE Workspace Search Stored XSS
  • CVE-2022-47413 and CVE-2022-47414 – OpenKM Document and Application XSS
  • CVE-2022-47415, CVE-2022-47416, CVE-2022-47417, and CVE-2022-47418 – LogicalDOC Multiple Stored XSS
  • CVE-2022-47419 – Mayan EDMS Tag Stored XSS

Stored XSS, also known as persistent XSS, occurs when a malicious script is injected directly into a vulnerable web application (e.g., via a comment field), causing the rogue code to be activated upon each visit to the application.

A threat actor can exploit the aforementioned flaws by providing a decoy document, granting the interloper the ability to further their control over the compromised network.

“A typical attack pattern would be to steal the session cookie that a locally-logged in administrator is authenticated with, and reuse that session cookie to impersonate that user to create a new privileged account,” Tod Beardsley, director of research at Rapid7, said.

In an alternative scenario, the attacker could abuse the identity of the victim to inject arbitrary commands and gain stealthy access to the stored documents.

The cybersecurity firm noted that the flaws were reported to the respective vendors on December 1, 2022, and remain unfixed even though the disclosures were coordinated with the CERT Coordination Center (CERT/CC).

Users of the affected DMS are advised to proceed with caution when importing documents from unknown or untrusted sources as well as limit the creation of anonymous, untrusted users and restrict certain features such as chats and tagging to known users.
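The stored XSS pattern described above, and the session-cookie theft it enables, can be illustrated from the defender's side with the following added example, which is not code from Rapid7 or from any of the affected products. The tag list, function names and cookie name are hypothetical, the sample data is constructed, and the cookie flags are a general hardening measure not mentioned in the article.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed sample data: tag labels as a DMS might store them, one of
# which carries markup submitted by an untrusted user.
STORED_TAGS = ["invoices", "<script>alert('xss')</script>", "Q4 & legal"]

def render_tags_unsafe(tags):
    """Vulnerable pattern: stored values are concatenated into HTML as-is."""
    return "<ul>" + "".join(f"<li>{t}</li>" for t in tags) + "</ul>"

def render_tags_escaped(tags):
    """Hardened pattern: every stored value is HTML-encoded on output."""
    items = "".join(f"<li>{html.escape(t, quote=True)}</li>" for t in tags)
    return "<ul>" + items + "</ul>"

class _ElementCollector(HTMLParser):
    """Records the name of every element start tag the parser sees."""
    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append(tag)

def unexpected_elements(page, allowed=("ul", "li")):
    """Regression check: elements in the page that the template did not emit."""
    parser = _ElementCollector()
    parser.feed(page)
    parser.close()
    return sorted(set(parser.elements) - set(allowed))

def session_cookie_header(session_id):
    """Session cookie with flags that keep its value away from page script."""
    cookie = SimpleCookie()
    cookie["sessionid"] = session_id          # hypothetical cookie name
    cookie["sessionid"]["httponly"] = True    # not readable via document.cookie
    cookie["sessionid"]["secure"] = True      # sent over HTTPS only
    cookie["sessionid"]["samesite"] = "Strict"
    return cookie["sessionid"].OutputString()

if __name__ == "__main__":
    print(unexpected_elements(render_tags_unsafe(STORED_TAGS)))
    print(unexpected_elements(render_tags_escaped(STORED_TAGS)))
    print(session_cookie_header("constructed-session-id"))
```

Running `unexpected_elements` over rendered pages in a test suite flags any template that lets stored metadata introduce its own elements.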

