OpenKM
Recent CVEs
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-8957 | Med | 0.35 | 5.4 | 0.00 | | Oct 6, 2017 | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. |
| CVE-2012-2315 | | 0.04 | — | 0.07 | | Sep 9, 2012 | admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action. |
| CVE-2012-2316 | | 0.03 | — | 0.02 | | Sep 9, 2012 | Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. |
| CVE-2022-47414 | | 0.00 | — | 0.00 | | Feb 7, 2023 | If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. |
| CVE-2022-47413 | | 0.00 | — | 0.00 | | Feb 7, 2023 | Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. |
| CVE-2014-9017 | | 0.00 | — | 0.00 | | Mar 11, 2015 | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp. |
| CVE-2008-2226 | | 0.00 | — | 0.00 | | May 14, 2008 | Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information. |