CVE-2025-11946 | LogicalDOC Community Edition up to 9.2.1 Add Contact Page /frontend.jsp First Name/Last Name/Company/Address/Phone/Mobile cross site scripting

A vulnerability marked as problematic has been reported in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site scripting.

This vulnerability is known as CVE-2025-11946. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More