CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

CNNVD•added 2022/11/17 12:0 a.m.•2 views

kkFileView 代码问题漏洞

Keking kkFileView is China's Keking Technology Keking company's Spring-Boot to build a file document online preview project . A security vulnerability exists in kkFileView v4.1.0, which stems from the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile containing server-side...

7.5CVSS7.3AI score0.30815EPSS

Exploits1References2

Cvelist•added 2022/11/17 12:0 a.m.•17 views

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...

7.9AI score0.30815EPSS

Exploits1References1

OSV•added 2022/10/17 9:15 p.m.•16 views

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

6.1CVSS6AI score

Exploits0References1

NVD•added 2022/10/17 9:15 p.m.•11 views

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

6.1CVSS0.00247EPSS

Exploits0References1

Prion•added 2022/10/17 9:15 p.m.•17 views

Cross site scripting

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

5.8CVSS6AI score0.00247EPSS

Exploits0References1Affected Software1

NVD•added 2022/10/17 8:15 p.m.•10 views

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

9.8CVSS0.42841EPSS

Exploits0References1

OSV•added 2022/10/17 8:15 p.m.•9 views

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

9.8CVSS6.9AI score

Exploits0References1

Cvelist•added 2022/10/17 12:0 a.m.•15 views

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

9.7AI score0.42841EPSS

Exploits0References1

Vulnrichment•added 2022/10/17 12:0 a.m.•7 views

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

6.9AI score0.42841EPSS

Exploits0References1

CNNVD•added 2022/10/17 12:0 a.m.•2 views

Keking kkFileView 跨站脚本漏洞

Keking kkFileView is a Spring-Boot project from Keking Technology Keking, a Chinese company that builds online previews for documents. A security vulnerability exists in Keking kkFileView version 4.0, which can be exploited to implement cross-site scripting via its controllerFilecontroller.java...

6.1CVSS5.9AI score0.00247EPSS

Exploits0References2

Vulnrichment•added 2022/10/17 12:0 a.m.•10 views

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

6AI score0.00247EPSS

Exploits0References1

CNNVD•added 2022/10/17 12:0 a.m.•3 views

Keking kkFileView 代码问题漏洞

Keking kkFileView is a Spring-Boot project for online previewing of documents from Keking Technology Keking. A security vulnerability exists in Keking kkFileView version 4.0, which originates from a cross-site request forgery that can be realized by an attacker through its...

9.8CVSS8.1AI score0.42841EPSS

Exploits0References2

CVE•added 2022/10/17 12:0 a.m.•56 views

CVE-2022-42147

CVE-2022-42147 affects kkFileView 4.0. The provided documents identify a Cross Site Scripting (XSS) vulnerability via the file controller component named Filecontroller.java . The CVE entry lists a base CVSS v3.1 score of 6.1 (Impact: Confidentiality/Integrity Low, Availability None; Network atta...

6.1CVSS5.9AI score0.00247EPSS

Exploits0References1Affected Software1

Cvelist•added 2022/10/17 12:0 a.m.•16 views

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

6.1AI score0.00247EPSS

Exploits0References1

NVD•added 2022/09/29 5:15 p.m.•10 views

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

6.1CVSS0.02352EPSS

Exploits1References1

OSV•added 2022/09/29 5:15 p.m.•10 views

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

6.1CVSS6AI score

Exploits0References1

Prion•added 2022/09/29 5:15 p.m.•15 views

Cross site scripting

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

5.8CVSS5.9AI score0.02352EPSS

Exploits1References1Affected Software1

CVE•added 2022/09/29 4:22 p.m.•59 views

CVE-2022-40879

kkFileView 4.1.0 is vulnerable to Cross-Site Scripting (XSS) via the errorMsg parameter. The Nuclei template for CVE-2022-40879 confirms multiple XSS flaws that allow arbitrary script execution in the victim’s browser, potentially enabling cookie-based credential theft and other attacks. Affected...

6.1CVSS6AI score0.02352EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2022/09/29 4:22 p.m.•6 views

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

6AI score0.02352EPSS

Exploits1References1

Cvelist•added 2022/09/29 4:22 p.m.•18 views

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

6.2AI score0.02352EPSS

Exploits1References1