Unrated severity · NVD Advisory · Published Mar 14, 2025 · Updated Mar 18, 2025
Reflected Cross-Site Scripting (XSS)
CVE-2024-12020
Description
There is a reflected cross-site scripting (XSS) vulnerability within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags; however, the XSS may be used to induce a victim to perform on-site requests without their knowledge.
This vulnerability only affects LogicalDOC Enterprise.
Affected products (2)
- LogicalDOC/LogicalDOC Enterprise · v5 · Range: 0
References (1)
- www.blackduck.com/blog/cyrc-advisory-logicaldoc.html (mitre, third-party-advisory)