VYPR

Community Edition

by Openkm

CVEs (4)

  • CVE-2022-2131HigJul 25, 2022
    risk 0.55cvss 8.5epss 0.01

    OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection attack.

  • CVE-2024-35475MedMay 22, 2024
    risk 0.42cvss 6.4epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL…

  • CVE-2025-57244MedNov 5, 2025
    risk 0.35cvss 5.4epss 0.00

    OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend…

  • CVE-2021-3628MedAug 30, 2021
    risk 0.30cvss 4.6epss 0.01

    OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.