CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

6.1CVSS6.3AI score0.12872EPSS

Exploits1References2

Nuclei•added yesterday•26 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-35151 info: name: kkFileView 4.1.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.1.0...

6.1CVSS6.2AI score0.04409EPSS

Exploits1References5

Nuclei•added yesterday•37 views

kkFileView 4.1.0 - Server-Side Request Forgery

kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewControllergetCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain...

7.5CVSS7.2AI score0.36865EPSS

Exploits1References2

Nuclei•added yesterday•12 views

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

9.8CVSS7.4AI score0.42841EPSS

Exploits0References2

Nuclei•added yesterday•23 views

kkFileView 4.1.0 - Cross-Site Scripting

kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

6.1CVSS6.4AI score0.02352EPSS

Exploits1References5

Nuclei•added yesterday•21 views

kkFileView 4.0.0 - Cross-Site Scripting

kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. id: CVE-2022-29349 info: name: kkFileView 4.0.0 - Cross-Site Scripting author: arafatansari severity: medium description: | kkFileView 4.0.0...

6.1CVSS6.2AI score0.01713EPSS

Exploits1References4

Nuclei•added 2 days ago•35 views

kkFileview v4.0.0 - Local File Inclusion

kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a related host. id: CVE-2021-43734 info: name: kkFileview v4.0.0 - Local File Inclusion author: arafatansari severity: high description: | kkFileview v4.0.0 is vulnerable to local file inclusion whi...

7.5CVSS7.1AI score0.77362EPSS

Exploits1References5

RedhatCVE•added 2026/01/09 10:51 a.m.•5 views

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery SSRF via controller\OnlinePreviewController.java...

9.8CVSS9.2AI score0.42841EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:40 a.m.•3 views

CVE-2022-35151

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting XSS vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...

6.1CVSS6.4AI score0.04409EPSS

Exploits1References1