CVE-2022-47418

CVE-2022-47418: LogicalDOC Document Version Comment Stored XSS

Vendor Logicaldoc

Product LogicalDOC Enterprise

Weakness CWE-79 · XSS

Published February 7, 2023

Last update March 25, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments.

Key dates

02Disclosure timeline

February 7, 2023 CVE published

March 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-47418 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2022-1530 Cross-site Scripting (XSS) in livehelperchat/livehelperchat CVE-2025-49955 WordPress WP Smart Flexslider Plugin <= 2.5 - Cross Site Scripting (XSS) Vulnerability CVE-2024-38640 Download Station CVE-2024-8729 Easy Social Share Buttons <= 1.4.5 - Reflected Cross-Site Scripting CVE-2024-4687 Campcodes Complete Web-Based School Management System create_events.php cross site scripting

Identifiers

CVE CVE-2022-47418

CWE CWE-79

Affected versions

Vendor Logicaldoc

Product LogicalDOC Enterprise

Affected ≤ 8.8.2

Vendor Logicaldoc

Product LogicalDOC Community Edition

Affected ≤ 8.7.3