168 matches found
CVE-2021-3628
OpenKM Community Edition 6.3.10 is vulnerable to authenticated Cross-site Scripting (XSS) via the uuid parameter. The issue arises from unvalidated input in the uuid field, allowing an attacker to inject arbitrary client-side code after authentication. Documented across multiple sources (NVD entr...
CVE-2021-3628 OpenKM Document Management Community vulnerable to Cross Site Scripting
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting XSS. A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter...
Openkm OpenKM 跨站脚本漏洞
Openkm OpenKM is a document management system from the Spanish company OpenKM Openkm. The system provides features such as version control, document history, and file sharing. A cross-site scripting vulnerability exists in OpenKM Community Edition, which stems from the product's uuid field failin...
CVE-2021-3628
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting XSS. A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter...
CVE-2019-11445
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...
CVE-2019-11445
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...
Design/Logic Flaw
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...
CVE-2019-11445
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...
CVE-2019-11445
OpenKM 6.3.2–6.3.7 is affected: an attacker can upload a malicious JSP into /okm:root and move it to the site home through frontend/FileUpload and admin/repository_export.jsp by exploiting improper Filesystem path control in the Admin Export field, enabling remote code execution with root privile...
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' , Vulnerability Discovery, PoC & Msf Module 'References' = 'URL'...
OpenKM Document Management Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' , Vulnerability Discovery, PoC & Msf Module 'References' = 'URL'...
OpenKM 6.3.2 6.3.7 - Remote Command Execution (Metasploit)
OpenKM 6.3.2 6.3.7 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' ,...
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution Exploit #RCE
Exploit for jsp platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' ,...
OpenKM Cross-Site Scripting Vulnerability (CNVD-2017-30870)
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in versions of OpenKM prior to 6.4.19. A remote attacker can exploit this vulnerability to inject arbitrar...
Cross site scripting
Cross-site scripting XSS vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter...
CVE-2014-8957
Cross-site scripting XSS vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter...
CVE-2014-8957
OpenKM is affected by a Cross-site Scripting (XSS) vulnerability (CVE-2014-8957) present in versions prior to 6.4.19. The issue allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. The vulnerability impact is limited to confidentiality/integrity of the...
CVE-2014-8957
Cross-site scripting XSS vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter...
wiki.openkm.com XSS vulnerability
Vulnerable URL: http://wiki.openkm.com/thumb.php?f=xssposed%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 12:03 GMT Vulnerability type:| XSS Vulnerability...
OpenKM Cross-Site Scripting Vulnerability
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in OpenKM version 6.4.18 build 23338, which stems from a frontend/index.jsp script that fails to adequatel...