A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the...
5.4CVSS
4.9AI Score
0.0004EPSS
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor...
7.5CVSS
7.3AI Score
0.001EPSS
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS...
5.4CVSS
5.2AI Score
0.001EPSS
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note"...
5.4CVSS
5.2AI Score
0.001EPSS
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
5.5CVSS
5.5AI Score
0.0004EPSS
5.4CVSS
5.1AI Score
0.001EPSS
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external entity injection...
9.8CVSS
9.5AI Score
0.002EPSS
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Filesystem path control in the admin's....
7.2CVSS
8.6AI Score
0.081EPSS
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks...
5.4CVSS
5.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to...
5.4AI Score
0.002EPSS
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit...
7.2AI Score
0.004EPSS
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to...
8.8AI Score
0.012EPSS
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party...
7.6AI Score
0.003EPSS