Lucene search

GoogleOSV:CVE-2021-3628

HistoryAug 30, 2021 - 6:15 p.m.

CVE-2021-3628

2021-08-3018:15:09

Google

osv.dev

openkm

community edition

6.3.10

cross-site scripting

xss

remote attacker

arbitrary code

uuid parameter

software

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.

References

docs.openkm.com/kcenter/view/okm-6.3-com/migration-guide.html

github.com/openkm/document-management-system/issues/278

www.incibe-cert.es/en/early-warning/security-advisories/openkm-document-management-community-vulnerable-cross-site