CVE-2025-12546 | LogicalDOC Community Edition up to 9.2.1 API Key creation UI cross site scripting

Inserito da Angelo Barbosa | Ott 31, 2025 | CVE

A vulnerability classified as problematic has been found in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the component API Key creation UI. This manipulation causes cross site scripting.

This vulnerability is registered as CVE-2025-12546. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-12546 | LogicalDOC Community Edition up to 9.2.1 API Key creation UI cross site scripting

Post correlati

CVE-2024-5745 | itsourcecode Bakery Online Ordering System 1.0 controller.php image unrestricted upload

CVE-2024-10862 | NEX-Forms Plugin up to 8.7.13 on WordPress sql injection

CVE-2025-25215 | Dell ControlVault3/ControlVault3 Plus cv_close release of reference (dsa-2025-053)

CVE-2023-5756 | Supsystic Digital Publications Plugin up to 1.7.6 on WordPress AJAX Action cross-site request forgery