VYPR

Document Management System

by Openkm

Source repositories

CVEs (5)

  • CVE-2019-11445HigApr 22, 2019
    risk 0.51cvss 7.2epss 0.14

    OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path…

  • CVE-2021-3628MedAug 30, 2021
    risk 0.30cvss 4.6epss 0.01

    OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.

  • CVE-2026-41917MedMay 26, 2026
    risk 0.25cvss 4.9epss 0.00

    OpenKM 6.3.12 contains a local file inclusion vulnerability in the administrative scripting interface at /admin/Scripting that allows authenticated administrators to read arbitrary files by supplying an attacker-controlled filesystem path through the fsPath parameter with…

  • CVE-2021-33950HigFeb 17, 2023
    risk 0.00cvss 7.5epss 0.01

    An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.

  • CVE-2022-3969LowNov 13, 2022
    risk 0.00cvss 2.6epss 0.01

    A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is…