CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...

Cross site scripting

kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...

CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...

EUVD-2022-49713

kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...

CVE-2022-46934

kkFileView 4.1.0 is vulnerable to a Cross-Site Scripting (XSS) flaw in the url parameter of /controller/OnlinePreviewController.java. An attacker can inject arbitrary script into the victim’s browser, potentially stealing cookies or influencing page behavior. This aligns with multiple public repo...

CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...

kkFileView 跨站脚本漏洞

Keking kkFileView is a Spring-Boot project to build online preview of documents by Keking Technology Keking. A security vulnerability exists in kkFileView v4.1.0, which stems from the /controller/OnlinePreviewController.java component's manipulation of the url parameter allowing an attacker to...

kkFileView cross-site scripting vulnerability (CNVD-2023-00013)

kkFileView is China's Keking Technology Keking company's a Spring-Boot to create a file document online preview project . A cross-site scripting vulnerability exists in kkFileView, which stems from the setWatermarkAttribute function in the /picturesPreview file that allows an attacker to implemen...

CVE-2022-4740

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the...

CVE-2022-4740

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the...

CVE-2022-4740

CVE-2022-4740 affects kkFileView, specifically the function setWatermarkAttribute in /picturesPreview. The vulnerability enables cross-site scripting and may be exploitable remotely; multiple sources state the exploit has been disclosed publicly. Affected versions are not consistently specified a...

CVE-2022-4740 kkFileView picturesPreview setWatermarkAttribute cross site scripting

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the...

kkFileView 跨站脚本漏洞

kkFileView is China's Keking Technology Keking company's a Spring-Boot to create a file document online preview project . A cross-site scripting vulnerability exists in kkFileView, which stems from the setWatermarkAttribute function in the /picturesPreview file that allows an attacker to implemen...

PT-2022-28055 · Unknown · Kkfileview

Name of the Vulnerable Software and Affected Versions: kkFileView affected versions not specified Description: A problematic issue has been found in kkFileView, affecting the setWatermarkAttribute function of the file /picturesPreview. This issue leads to cross-site scripting and can be launched...

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...

PT-2022-26771 · Unknown · Kkfileview

Name of the Vulnerable Software and Affected Versions: kkFileView version 4.1.0 Description: The issue allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. This is achieved through a Server-Side Request Forgery SSRF in the...

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...

CVE-2022-43140

kkFileView 4.1.0 is vulnerable to a Server-Side Request Forgery (SSRF) in cn.keking.web.controller.OnlinePreviewController#getCorsFile. By injecting crafted URLs into the url parameter, an attacker can force the application to make arbitrary outbound requests, potentially exposing internal resour...