Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.Referenceshttp://archives.neohapsis.com/archives/bugtraq/2014-03/0101.htmlhttp://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOGhttps://exchange.xforce.ibmcloud.com/vulnerabilities/91830http://secunia.com/advisories/57475http://packetstormsecurity.com/files/125726
