Lucene search
+L

168 matches found

Prion
Prion
added 2023/02/07 10:15 p.m.18 views

Design/Logic Flaw

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

4.9CVSS5.2AI score0.00582EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2023/02/07 10:15 p.m.18 views

Cross site scripting

If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...

4.9CVSS5.2AI score0.00582EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/07 9:41 p.m.28 views

CVE-2022-47414

If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...

5.4AI score0.00506EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/07 9:41 p.m.7 views

CVE-2022-47414

If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...

6AI score0.00506EPSS
Exploits1References1
CVE
CVE
added 2023/02/07 9:41 p.m.55 views

CVE-2022-47414

OpenKM CVE-2022-47414: a stored XSS in the Note functionality is possible when an attacker with authenticated console access submits crafted content. CVSS 3.1: base score 5.4 (Medium); vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Impacts are confined to confidentiality and integrity (Low); avail...

5.4CVSS5.2AI score0.00506EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/02/07 9:41 p.m.23 views

CVE-2022-47414

If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...

5.4CVSS5.2AI score0.00582EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2023/02/07 9:37 p.m.5 views

CVE-2022-47413

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

6AI score0.00582EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/07 9:37 p.m.26 views

CVE-2022-47413

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

5.4AI score0.00582EPSS
Exploits2References1
CVE
CVE
added 2023/02/07 9:37 p.m.56 views

CVE-2022-47413

Technical details about CVE-2022-47413 are not provided in the supplied documents; no affected products or fixes are listed here. Monitor for updates.

5.4CVSS5.2AI score0.00582EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/02/07 9:37 p.m.19 views

CVE-2022-47413

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...

5.4CVSS5.2AI score0.00582EPSS
Exploits2References3
Rapid7 Blog
Rapid7 Blog
added 2023/02/07 2:5 p.m.37 views

Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)

Through the course of routine security testing and analysis, Rapid7 has discovered several issues in on-premises installations of open source and freemium Document Management System DMS offerings from four vendors. While all of the discovered issues are instances of CWE-79: Improper Neutralizatio...

0.1AI score0.00582EPSS
Exploits8
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.8 views

OpenKM 跨站脚本漏洞

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

5.4CVSS5.7AI score0.00506EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/02/07 12:0 a.m.5 views

OpenKM 跨站脚本漏洞

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM DMS. An attacker exploited the vulnerability to perform cross-site scripting attacks...

5.4CVSS5.7AI score0.0053EPSS
Exploits2References2
NVD
NVD
added 2022/11/13 8:15 a.m.21 views

CVE-2022-3969

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...

5.5CVSS0.00526EPSS
Exploits1References4
Prion
Prion
added 2022/11/13 8:15 a.m.17 views

Design/Logic Flaw

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...

1.7CVSS5.5AI score0.00526EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/11/13 12:0 a.m.25 views

OpenKM 安全漏洞

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, file history and file sharing. A security vulnerability exists in OpenKM versions prior to 6.3.11, which originates from an unknown function getFileExtension in the...

5.5CVSS5.7AI score0.00526EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2022/11/13 12:0 a.m.11 views

CVE-2022-3969 OpenKM FileUtils.java getFileExtension temp file

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...

2.6CVSS4.2AI score0.00526EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/11/13 12:0 a.m.29 views

CVE-2022-3969 OpenKM FileUtils.java getFileExtension temp file

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...

2.6CVSS5.8AI score0.00526EPSS
Exploits1References4
CVE
CVE
added 2022/11/13 12:0 a.m.54 views

CVE-2022-3969

OpenKM up to 6.3.11 contains a vulnerability in getFileExtension (src/main/java/com/openkm/util/FileUtils.java) that can lead to an insecure temporary file. Root cause: manipulation of file extension handling. The fix is upgrading to OpenKM 6.3.12, with patch c069e4d73ab8864345c25119d8459495f4545...

5.5CVSS4.6AI score0.00526EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/11/13 12:0 a.m.21 views

CVE-2022-3969 OpenKM FileUtils.java getFileExtension temp file

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...

2.6CVSS5.1AI score0.00526EPSS
Exploits1References6
Rows per page
Query Builder