CVE-2025-11946 | LogicalDOC Community Edition up to 9.2.1 Add Contact Page /frontend.jsp First Name/Last Name/Company/Address/Phone/Mobile cross site scripting

A vulnerability marked as problematic has been reported in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site scripting.

This vulnerability is known as CVE-2025-11946. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11946 | LogicalDOC Community Edition up to 9.2.1 Add Contact Page /frontend.jsp First Name/Last Name/Company/Address/Phone/Mobile cross site scripting

Post correlati

CVE-2025-25333 | IKEA CN 4.13.0 on iOS Link information disclosure

CVE-2024-10620 | knightliao Disconf 2.6.36 Configuration Center /api/config/list improper authentication

CVE-2025-8774 | riscv-boom SonicBOOM up to 2.2.3 L1 Data Cache timing discrepancy

CVE-2024-23148 | Autodesk AutoCAD/Advance Steel and Civil 3D 2024 CATPRODUCT File CC5Dll.dll memory corruption