108 matches found
Cross site scripting
kkFileView v4.0.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...
Keking kkFileView 跨站脚本漏洞
Keking KkFileview is a Spring-Boot build file document online preview project from Keking Technology Keking, China. A security vulnerability exists in kkFileView version 4.0.0, which originates from. A cross-site scripting XSS vulnerability was found via the url parameter in...
CVE-2022-29349
kkFileView 4.0.0 is affected by CVE-2022-29349, with multiple XSS vulnerabilities exposed via the url/currentUrl parameters in /controller/OnlinePreviewController.java. The issue enables injection of script code into a victim’s browser, potentially enabling session hijacking, defacement, or leaka...
CVE-2021-43734
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host...
CVE-2021-43734
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host...
CVE-2021-43734
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host...
Keking kkFileview 路径遍历漏洞
Keking KkFileview is a Spring-Boot project from Keking Technology Keking, a Chinese company that builds online previews for documents. A security vulnerability exists in Keking KkFileview, which originates from the presence of a directory traversal vulnerability to read arbitrary files, which cou...
Cross-site Scripting (XSS) - Generic in kekingcn/kkfileview
Description kkFileView this package is vulnerable to Stored Cross-Site Scripting XSS. https://github.com/kekingcn/kkFileView Steps To Reproduce-: stored XSS 1 install https://github.com/kekingcn/kkFileView locally or https://file.keking.cn/index use demo 2 while uploading files for preview use js...