Kkfileview Security Vulnerabilities and Issues — Kkfileview CVE List

Lucene search

KekingKkfileview

12 matches found

CVE•added 2022/02/15 2:15 p.m.•102 views

CVE-2021-43734

kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.

7.5CVSS7.4AI score0.6797EPSS

CVE•added 2025/05/11 11:15 a.m.•87 views

CVE-2025-4538

A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...

9.8CVSS6.3AI score0.00052EPSS

CVE•added 2022/10/17 8:15 p.m.•76 views

CVE-2022-42149

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.

9.8CVSS9.4AI score0.00103EPSS

CVE•added 2022/05/25 1:15 a.m.•72 views

CVE-2022-29349

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

6.1CVSS6AI score0.02663EPSS

CVE•added 2022/11/17 5:15 p.m.•65 views

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramet...

7.5CVSS7.7AI score0.75794EPSS

CVE•added 2023/02/01 8:15 p.m.•58 views

CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

6.1CVSS6AI score0.08742EPSS

CVE•added 2022/09/02 4:15 a.m.•51 views

CVE-2022-36593

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.

6.5CVSS6.6AI score0.00275EPSS

CVE•added 2022/10/17 9:15 p.m.•47 views

CVE-2022-42147

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.

6.1CVSS5.9AI score0.00113EPSS

CVE•added 2022/08/17 10:15 p.m.•44 views

CVE-2022-35151

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.

6.1CVSS6.1AI score0.15287EPSS

CVE•added 2022/12/25 8:15 p.m.•44 views

CVE-2022-4740

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the p...

6.1CVSS4.8AI score0.00296EPSS

CVE•added 2022/09/29 5:15 p.m.•42 views

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'

6.1CVSS6AI score0.26271EPSS

CVE•added 2023/12/04 3:15 p.m.•27 views

CVE-2023-48815

kkFileView v4.3.0 is vulnerable to Incorrect Access Control.

6.1CVSS6.2AI score0.00234EPSS