168 matches found
Design/Logic Flaw
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
Cross site scripting
If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...
CVE-2022-47414
If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...
CVE-2022-47414
If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...
CVE-2022-47414
OpenKM CVE-2022-47414: a stored XSS in the Note functionality is possible when an attacker with authenticated console access submits crafted content. CVSS 3.1: base score 5.4 (Medium); vectors: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Impacts are confined to confidentiality and integrity (Low); avail...
CVE-2022-47414
If an attacker has access to the console for OpenKM and is authenticated, a stored XSS vulnerability is reachable in the document "note" functionality...
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
CVE-2022-47413
Technical details about CVE-2022-47413 are not provided in the supplied documents; no affected products or fixes are listed here. Monitor for updates.
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored persistent, or "Type II" XSS condition...
Multiple DMS XSS (CVE-2022-47412 through CVE-20222-47419)
Through the course of routine security testing and analysis, Rapid7 has discovered several issues in on-premises installations of open source and freemium Document Management System DMS offerings from four vendors. While all of the discovered issues are instances of CWE-79: Improper Neutralizatio...
OpenKM 跨站脚本漏洞
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
OpenKM 跨站脚本漏洞
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM DMS. An attacker exploited the vulnerability to perform cross-site scripting attacks...
CVE-2022-3969
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
Design/Logic Flaw
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
OpenKM 安全漏洞
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, file history and file sharing. A security vulnerability exists in OpenKM versions prior to 6.3.11, which originates from an unknown function getFileExtension in the...
CVE-2022-3969 OpenKM FileUtils.java getFileExtension temp file
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
CVE-2022-3969 OpenKM FileUtils.java getFileExtension temp file
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...
CVE-2022-3969
OpenKM up to 6.3.11 contains a vulnerability in getFileExtension (src/main/java/com/openkm/util/FileUtils.java) that can lead to an insecure temporary file. Root cause: manipulation of file extension handling. The fix is upgrading to OpenKM 6.3.12, with patch c069e4d73ab8864345c25119d8459495f4545...
CVE-2022-3969 OpenKM FileUtils.java getFileExtension temp file
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this...