108 matches found
PT-2022-25603 · Unknown · Kkfileview
Name of the Vulnerable Software and Affected Versions: kkFileView version 4.1.0 Description: The issue concerns a Cross Site Scripting XSS problem. It can be exploited via the errorMsg parameter. Recommendations: For kkFileView version 4.1.0, consider restricting the use of the errorMsg parameter...
kkFileView 跨站脚本漏洞
Keking kkFileView is a Spring-Boot project from Keking Technology Keking, a Chinese company that builds online previews of files and documents. A security vulnerability exists in kkFileView v4.1.0, which stems from the errorMsg parameter being vulnerable to cross-site scripting...
CVE-2022-36593
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...
CVE-2022-36593
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...
CVE-2022-36593
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...
Arbitrary file deletion
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...
CVE-2022-36593
CVE-2022-36593 affects kkFileView v4.0.0, exposing an arbitrary file deletion vulnerability through the fileName parameter in /controller/FileController.java. The root cause is the unsafe handling of fileName, enabling deletion of arbitrary files. Impact is stated as deletion capability; no fixes...
CVE-2022-36593
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java...
kkFileView 路径遍历漏洞
Keking kkFileView is a Spring-Boot project for online previewing of files and documents from Keking Technology Keking. A path traversal vulnerability exists in kkFileView v4.0.0, which is caused by an arbitrary file deletion vulnerability found in the fileName parameter of...
PT-2022-23493 · Unknown · Kkfileview
Name of the Vulnerable Software and Affected Versions: kkFileView version 4.0.0 Description: The issue allows for arbitrary file deletion via the fileName parameter at the /controller/FileController.java endpoint. Recommendations: For kkFileView version 4.0.0, consider restricting access to the...
CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...
CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...
CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...
Cross site scripting
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...
CVE-2022-35151
CVE-2022-35151 for kkFileView 4.1.0 : Multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters in /controller/OnlinePreviewController.java. Public sources describe the impact as executing malicious scripts in the victim’s browser, potentially enabling data theft or ses...
CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...
PT-2022-22602 · Unknown · Kkfileview
Name of the Vulnerable Software and Affected Versions: kkFileView version 4.1.0 Description: The issue is related to multiple cross-site scripting XSS vulnerabilities. These vulnerabilities can be exploited via the urls and currentUrl parameters at the /controller/OnlinePreviewController.java...
kkFileView 跨站脚本漏洞
Keking kkFileView is a Spring-Boot project for online previewing of documents by Keking Technology Keking. A cross-site scripting vulnerability exists in kkFileView v4.1.0, which originates from multiple cross-site scripts in the urls and currentUrl parameters of the...
CVE-2022-29349
kkFileView v4.0.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...
CVE-2022-29349
kkFileView v4.0.0 was discovered to contain a cross-site scripting XSS vulnerability via the url parameter at /controller/OnlinePreviewController.java...