Lucene search
K

168 matches found

CVE
CVE
added 2021/08/30 5:6 p.m.50 views

CVE-2021-3628

OpenKM Community Edition 6.3.10 is vulnerable to authenticated Cross-site Scripting (XSS) via the uuid parameter. The issue arises from unvalidated input in the uuid field, allowing an attacker to inject arbitrary client-side code after authentication. Documented across multiple sources (NVD entr...

5.4CVSS5.1AI score0.00916EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/08/30 5:6 p.m.24 views

CVE-2021-3628 OpenKM Document Management Community vulnerable to Cross Site Scripting

OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting XSS. A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter...

4.6CVSS5.8AI score0.00916EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.3 views

Openkm OpenKM 跨站脚本漏洞

Openkm OpenKM is a document management system from the Spanish company OpenKM Openkm. The system provides features such as version control, document history, and file sharing. A cross-site scripting vulnerability exists in OpenKM Community Edition, which stems from the product's uuid field failin...

5.4CVSS5.5AI score0.00916EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2021/08/27 7:0 a.m.3 views

CVE-2021-3628

OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting XSS. A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter...

5.4CVSS6.3AI score0.00916EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2019/04/22 11:29 a.m.20 views

CVE-2019-11445

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...

9CVSS7.5AI score0.14478EPSS
Exploits1References2
OSV
OSV
added 2019/04/22 11:29 a.m.17 views

CVE-2019-11445

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...

7.2CVSS8AI score
Exploits0References2
Prion
Prion
added 2019/04/22 11:29 a.m.13 views

Design/Logic Flaw

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...

9CVSS7.5AI score0.14478EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/04/22 4:0 a.m.20 views

CVE-2019-11445

OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repositoryexport.jsp. This is achieved by interfering with the Filesystem path control in the admin's...

7.5AI score0.14478EPSS
Exploits1References2
CVE
CVE
added 2019/04/22 4:0 a.m.54 views

CVE-2019-11445

OpenKM 6.3.2–6.3.7 is affected: an attacker can upload a malicious JSP into /okm:root and move it to the site home through frontend/FileUpload and admin/repository_export.jsp by exploiting improper Filesystem path control in the Admin Export field, enabling remote code execution with root privile...

9CVSS7.5AI score0.14478EPSS
Exploits1References2Affected Software1
Exploit DB
Exploit DB
added 2019/03/11 12:0 a.m.108 views

OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' , Vulnerability Discovery, PoC & Msf Module 'References' = 'URL'...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2019/03/11 12:0 a.m.41 views

OpenKM Document Management Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' , Vulnerability Discovery, PoC & Msf Module 'References' = 'URL'...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2019/03/11 12:0 a.m.21 views

OpenKM 6.3.2 6.3.7 - Remote Command Execution (Metasploit)

OpenKM 6.3.2 6.3.7 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' ,...

0.3AI score
Exploits0
0day.today
0day.today
added 2019/03/11 12:0 a.m.331 views

OpenKM 6.3.2 < 6.3.7 - Remote Command Execution Exploit #RCE

Exploit for jsp platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' ,...

0.2AI score
Exploits0
CNVD
CNVD
added 2017/10/17 12:0 a.m.6 views

OpenKM Cross-Site Scripting Vulnerability (CNVD-2017-30870)

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in versions of OpenKM prior to 6.4.19. A remote attacker can exploit this vulnerability to inject arbitrar...

5.4CVSS5.2AI score0.01245EPSS
Exploits2References1
Prion
Prion
added 2017/10/06 10:29 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter...

3.5CVSS5.7AI score0.01245EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2017/10/06 10:29 p.m.17 views

CVE-2014-8957

Cross-site scripting XSS vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter...

5.4CVSS5.1AI score0.01245EPSS
Exploits2References3
CVE
CVE
added 2017/10/06 10:0 p.m.43 views

CVE-2014-8957

OpenKM is affected by a Cross-site Scripting (XSS) vulnerability (CVE-2014-8957) present in versions prior to 6.4.19. The issue allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. The vulnerability impact is limited to confidentiality/integrity of the...

5.4CVSS5AI score0.01245EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2017/10/06 10:0 p.m.15 views

CVE-2014-8957

Cross-site scripting XSS vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter...

5.1AI score0.01245EPSS
Exploits2References3
Openbugbounty
Openbugbounty
added 2016/01/07 10:44 a.m.11 views

wiki.openkm.com XSS vulnerability

Vulnerable URL: http://wiki.openkm.com/thumb.php?f=xssposed%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 12:03 GMT Vulnerability type:| XSS Vulnerability...

6.3AI score
Exploits0
CNVD
CNVD
added 2015/03/12 12:0 a.m.7 views

OpenKM Cross-Site Scripting Vulnerability

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in OpenKM version 6.4.18 build 23338, which stems from a frontend/index.jsp script that fails to adequatel...

3.5CVSS6.2AI score0.01704EPSS
Exploits2References1
Rows per page
Query Builder