A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the...
5.4CVSS
4.9AI Score
0.0004EPSS
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor...
7.5CVSS
7.3AI Score
0.001EPSS
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note"...
5.4CVSS
5.2AI Score
0.001EPSS
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS...
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
5.5CVSS
5.5AI Score
0.0004EPSS
5.4CVSS
5.1AI Score
0.001EPSS
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection...
9.8CVSS
9.5AI Score
0.002EPSS