No response or patch yet forthcoming from providers of vulnerable document management systems
Researchers have disclosed a raft of serious document management system (DMS) vulnerabilities impacting four enterprise vendors who have not yet resolved the issues.
In a blog post published on Tuesday (February 7), Tod Beardsley, director of research at Rapid7, said the cross-site scripting (XSS) flaws affected vendors ONLYOFFICE, OpenKM, LogicalDOC, and Mayan.
All software examined by Rapid7 are on-prem, cloud, open source, or freemium DMS solutions.
Read more of the latest security vulnerability news
“Given the high severity of a stored XSS vulnerability in a document management system, especially one that is often part of automated workflows, administrators are urged to apply any vendor-supplied updates on an emergency basis,” the researchers advise.
No such updates have emerged at the time of writing, however.
Bug breakdown
The most severe issue belongs to ONLYOFFICE’s Workspace enterprise app platform. Tracked as CVE-2022-47412 and believed to impact versions from 0 through 12.1.0.1760, the stored cross-site scripting (XSS) vulnerability could be exploited if an attacker can ensure a malicious document is saved in the DMS for indexing.
When a victim has unwittingly saved the document and triggered the XSS condition, an attacker could steal session cookies to create new, privileged accounts or perform a browser session hook and secure access to stored documents.
Another two vulnerabilities, CVE-2022-47413 and CVE-2022-47414, impact OpenKM’s open source DMS version 6.3.12. CVE-2022-47413 is another stored XSS bug that requires a victim to save a malicious document in the DMS. The other vulnerability requires an attacker to
Read more