Radio silence from DMS vendor quartet over XSS zero-days

Enterprise document management system (DMS) vendors, ONLYOFFICE, OpenKM, LogicalDOC, and Mayan, are yet to resolve several severe DMS vulnerabilities, according to cybersecurity firm Rapid7. It warned that stored cross-site scripting (XSS) flaws in the systems pose high risks. No patches or updates have been released, and vendors have not responded to Rapid7’s disclosures.