Vulnerabilities in Popular DMS Products Can Expose Sensitive Documents

Multiple XSS vulnerabilities in popular document management system (DMS) products could allow attackers to access sensitive documents.

Multiple cross-site scripting (XSS) vulnerabilities in popular document management system (DMS) products could allow attackers to access sensitive documents, Rapid7 reports.

DMS solutions help users manage the production, storage, and distribution of documents. They may also provide collaboration capabilities and support for managing other types of files.

A total of eight XSS vulnerabilities were identified in products from OnlyOffice, OpenKM, LogicalDOC, and Mayan, all of which can be described as issues related to improper neutralization of input during web page generation. 

None of these issues, however, has been resolved. Despite Rapid7’s efforts to contact the impacted vendors, none of them responded.

All the vulnerable DMS solutions – available as on-prem or cloud-hosted collaboration platforms – are designed for small to medium-sized businesses (SMBs) and the exploitation of the identified bugs in attacks could have dire consequences.

Tracked as CVE-2022-47412, the most severe of the vulnerabilities impacts OnlyOffice Workspace and requires an attacker to trick a user into storing a malicious document in the DMS and then convince them to open the document via an embedded search function.

Two XSS bugs (CVE-2022-47413 and CVE-2022-47414) were identified in OpenKM. The first of the issues can be triggered like CVE-2022-47412, but the second requires access to the OpenKM console.

Four XSS vulnerabilities were found in the LogicalDOC DMS: CVE-2022-47415 in the in-app messaging system, CVE-2022-47416 in the chat system, CVE-2022-47417 in the document file name, and CVE-2022-47418 in stored version comments.


The Mayan EDMS flaw, CVE-2022-47419, impacts the platform’s in-product tagging system.

An attacker exploiting any of these vulnerabilities could steal the session cookie of a locally logged-in administrator and then impersonate the user to create a rogue account on the platform, which would provide them with access to all documents stored in the DMS.

Rapid7 recommends that users pay extra care when importing documents from unknown or untrusted sources into the DMS and that administrators limit the creation of anonymous, untrusted users for the affected DMS products.
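The defect class behind all eight bugs and the cookie theft described above, shown as an added example that is not from the article or from any of the vendors named: DMS metadata (file name, version comment, tags) rendered raw versus HTML-escaped, plus an admin session cookie set so injected script cannot read it. The field names and sample records are constructed for illustration.

```python
# Added example (not vendor code): untrusted DMS metadata such as file names,
# version comments, tags and chat messages is attacker-controlled once a
# document is imported, so it must be escaped at render time, and the admin
# session cookie must be unreadable from script (HttpOnly).
import html
from http.cookies import SimpleCookie

# Constructed sample records, as a DMS might store them after an untrusted import.
DOCUMENTS = [
    {"name": "quarterly-report.pdf", "comment": "final version", "tags": ["finance"]},
    {"name": 'invoice<img src=x onerror="fetch(\'//example.invalid\')">.pdf',
     "comment": "ok", "tags": ["<script>alert(1)</script>"]},
]


def render_row_unsafe(doc):
    """The pattern behind the stored XSS bugs: metadata interpolated into HTML raw."""
    tags = ", ".join(doc["tags"])
    return f"<tr><td>{doc['name']}</td><td>{doc['comment']}</td><td>{tags}</td></tr>"


def render_row_safe(doc):
    """Hardened form: every untrusted field is escaped for an HTML text context."""
    def esc(value):
        return html.escape(value, quote=True)
    tags = ", ".join(esc(t) for t in doc["tags"])
    return (f"<tr><td>{esc(doc['name'])}</td><td>{esc(doc['comment'])}</td>"
            f"<td>{tags}</td></tr>")


def session_cookie_header(session_id):
    """Set-Cookie value for the admin session. HttpOnly keeps the cookie out of
    reach of injected script, so a stored XSS cannot simply exfiltrate it;
    Secure and SameSite=Strict narrow where the browser will send it."""
    jar = SimpleCookie()
    jar["dms_session"] = session_id
    jar["dms_session"]["httponly"] = True
    jar["dms_session"]["secure"] = True
    jar["dms_session"]["samesite"] = "Strict"
    jar["dms_session"]["path"] = "/"
    return jar.output(header="").strip()


if __name__ == "__main__":
    for doc in DOCUMENTS:
        print(render_row_safe(doc))
    print(session_cookie_header("constructed-session-id"))
```

Escaping at output is the fix for the rendering bugs; HttpOnly does not stop the XSS itself, it only removes the cookie-theft step the article describes.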

Affected DMS versions include OnlyOffice Workspace 12.1.0.1760, OpenKM 6.3.12, LogicalDOC CE/Enterprise 8.7.3/8.8.2, LogicalDOC Enterprise 8.8.2, and Mayan EDMS 4.3.3.

“Given the high severity of a stored XSS vulnerability in a document management system, especially one that is often part of automated workflows, administrators are urged to apply any vendor-supplied updates on an emergency basis,” Rapid7 notes.


Written by Ionut Arghire, an international correspondent for SecurityWeek.
