3 matches found
CVE-2022-47414
OpenKM CVE-2022-47414: a stored XSS in the Note functionality is possible when an attacker with authenticated console access submits crafted content. CVSS 3.1: base score 5.4 (Medium); vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Impacts are confined to confidentiality and integrity (Low); avail...
CVE-2022-47414
If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...
Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)
Through the course of routine security testing and analysis, Rapid7 has discovered several issues in on-premises installations of open source and freemium Document Management System DMS offerings from four vendors. While all of the discovered issues are instances of CWE-79: Improper Neutralizatio...