Kkfileview@4.1.0 Security Vulnerabilities and Issues — Kkfileview@4.1.0 CVE List

Lucene search

KekingKkfileview4.1.0

5 matches found

CVE•added 2022/11/17 5:15 p.m.•65 views

CVE-2022-43140

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url paramet...

7.5CVSS7.7AI score0.75794EPSS

CVE•added 2023/02/01 8:15 p.m.•58 views

CVE-2022-46934

kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

6.1CVSS6AI score0.08742EPSS

CVE•added 2022/08/17 10:15 p.m.•44 views

CVE-2022-35151

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.

6.1CVSS6.1AI score0.15287EPSS

CVE•added 2022/09/29 5:15 p.m.•42 views

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'

6.1CVSS6AI score0.26271EPSS

CVE•added 2023/12/04 3:15 p.m.•27 views

CVE-2023-48815

kkFileView v4.3.0 is vulnerable to Incorrect Access Control.

6.1CVSS6.2AI score0.00234EPSS