February 8, 2023Rabbi LakshmananVulnerability management

Multiple unpatched security flaws have been identified in open source and freemium document management systems (DMS) from four vendors: LogicalDOC, Mayan, ONLYOFFICE, and OpenKM.

Cybersecurity firm Rapid7 said eight vulnerabilities “allow attackers to convince human operators to store malicious documents on the platform, and once the documents are indexed and triggered by users, take control of the organization. provide a mechanism that gives attackers multiple paths to .”

A list of eight cross-site scripting (XSS) The flaws discovered by Rapid7 researcher Matthew Kienow are:

  • CVE-2022-47412 – ONLYOFFICE workspace search save XSS
  • CVE-2022-47413 and CVE-2022-47414 – OpenKM documents and application XSS
  • CVE-2022-47415, CVE-2022-47416, CVE-2022-47417, CVE-2022-47418 – LogicalDOC multiple save XSS
  • CVE-2022-47419 – Mayan EDMS Tag Stored XSS

Stored XSS, also known as persistent XSS, occurs when malicious script is injected directly into a vulnerable web application (e.g. via a comment field), activating the malicious code each time the application is accessed. Become.

A threat actor can exploit the aforementioned flaw by providing a decoy document to give an intruder the ability to gain further control over a compromised network.

“A typical attack pattern is for a locally logged-in administrator to steal an authenticated session cookie and reuse that session cookie to impersonate that user and create a new privileged account,” said Rapid7. said Tod Beardsley, director of research at Said.

In another scenario, an attacker could exploit the victim’s identity to inject arbitrary commands and gain stealth access to stored documents.

The cybersecurity firm said the flaw was reported to its respective vendor on December 1, 2022 and remains unfixed despite coordinating the disclosure with the CERT Coordination Center (CERT/CC). .

Users of affected DMS should exercise caution when importing documents from unknown or untrusted sources, limit the creation of anonymous untrusted users, and restrict certain features such as chat and tagging to known users. recommended.

Did you find this article interesting?Please follow us twitter and LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog