PT-2022-26771 · Unknown · Kkfileview

Name of the Vulnerable Software and Affected Versions: kkFileView version 4.1.0 Description: The issue allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. This is achieved through a Server-Side Request Forgery SSRF in the...

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery SSRF via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramete...

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

Cross site scripting

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

Keking kkFileView 跨站脚本漏洞

Keking kkFileView is a Spring-Boot project from Keking Technology Keking, a Chinese company that builds online previews for documents. A security vulnerability exists in Keking kkFileView version 4.0, which can be exploited to implement cross-site scripting via its controllerFilecontroller.java...

CVE-2022-42147

CVE-2022-42147 affects kkFileView 4.0. The provided documents identify a Cross Site Scripting (XSS) vulnerability via the file controller component named Filecontroller.java . The CVE entry lists a base CVSS v3.1 score of 6.1 (Impact: Confidentiality/Integrity Low, Availability None; Network atta...

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

Keking kkFileView 代码问题漏洞

Keking kkFileView is a Spring-Boot project for online previewing of documents from Keking Technology Keking. A security vulnerability exists in Keking kkFileView version 4.0, which originates from a cross-site request forgery that can be realized by an attacker through its...

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting XSS via controller\ Filecontroller.java...

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

Cross site scripting

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...

CVE-2022-40879

kkFileView 4.1.0 is vulnerable to Cross-Site Scripting (XSS) via the errorMsg parameter. The Nuclei template for CVE-2022-40879 confirms multiple XSS flaws that allow arbitrary script execution in the victim’s browser, potentially enabling cookie-based credential theft and other attacks. Affected...

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting XSS via the parameter 'errorMsg.'...