CVE-2012-4567

medium

Published 2017-10-23 · Modified 2026-05-13

CVSS v3

6.1

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2

4.3

VIR risk

6.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php.

Predictions

Exploit likelihood

71%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG

Application impact

Vendor	Product	Versions
letodms_project	letodms	`3.3.0`
letodms_project	letodms	`3.3.1`
letodms_project	letodms	`3.3.2`
letodms_project	letodms	`3.3.3`
letodms_project	letodms	`3.3.4`
letodms_project	letodms	`3.3.5`
letodms_project	letodms	`3.3.6`
letodms_project	letodms	`3.3.7`

References

http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG
http://www.openwall.com/lists/oss-security/2012/10/06/1
http://www.openwall.com/lists/oss-security/2012/10/31/7
http://www.securityfocus.com/bid/55822
http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG
http://www.openwall.com/lists/oss-security/2012/10/06/1
http://www.openwall.com/lists/oss-security/2012/10/31/7
http://www.securityfocus.com/bid/55822

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.