6 matches found
Cross-site scripting
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java...
CVE-2022-42149
kkFileView 4.0 is vulnerable to server-side request forgery (SSRF) via controller\OnlinePreviewController.java...
CVE-2022-42149
kkFileView 4.0 is affected by CVE-2022-42149: a server-side request forgery (SSRF) flaw in OnlinePreviewController.java caused by improper validation. This allows an attacker to induce the server to fetch arbitrary URLs, with unauthenticated access and potential internal network exposure. The Nuc...
CVE-2022-35151
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java...
Cross-site scripting
kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java...
CVE-2022-29349
kkFileView 4.0.0 is affected by CVE-2022-29349, with multiple XSS vulnerabilities exposed via the url/currentUrl parameters in /controller/OnlinePreviewController.java. The issue enables injection of script code into a victim’s browser, potentially enabling session hijacking, defacement, or leaka...