2 matches found
CVE-2022-40317
OpenKM 6.3.11 is affected by a stored XSS flaw triggered by a javascript: substring in an A element. The issue arises from unsafe handling of A element href values, enabling script execution via user interaction. CVSS v3.1 base score 5.4 (Medium); attack vector Network; user interaction Required;...
CVE-2022-40317
OpenKM 6.3.11 allows stored XSS related to the javascript substring in an A element...