Vulnerabilities > Keking

DATE CVE VULNERABILITY TITLE RISK
2023-12-04 CVE-2023-48815 Open Redirect vulnerability in Keking Kkfileview 4.1.0/4.3.0
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
network
low complexity
keking CWE-601
6.1
2023-02-01 CVE-2022-46934 Cross-site Scripting vulnerability in Keking Kkfileview 4.1.0
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
network
low complexity
keking CWE-79
6.1
2022-12-25 CVE-2022-4740 Cross-site Scripting vulnerability in Keking Kkfileview
A vulnerability, which was classified as problematic, has been found in kkFileView.
network
low complexity
keking CWE-79
6.1
2022-11-17 CVE-2022-43140 Server-Side Request Forgery (SSRF) vulnerability in Keking Kkfileview 4.1.0
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile.
network
low complexity
keking CWE-918
7.5
2022-10-17 CVE-2022-42147 Cross-site Scripting vulnerability in Keking Kkfileview 4.0.0
kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
network
low complexity
keking CWE-79
6.1
2022-10-17 CVE-2022-42149 Server-Side Request Forgery (SSRF) vulnerability in Keking Kkfileview 4.0.0
kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.
network
low complexity
keking CWE-918
critical
9.8
2022-09-29 CVE-2022-40879 Cross-site Scripting vulnerability in Keking Kkfileview 4.1.0
kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'
network
low complexity
keking CWE-79
6.1
2022-05-25 CVE-2022-29349 Cross-site Scripting vulnerability in Keking Kkfileview 4.0.0
kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
network
keking CWE-79
4.3
2022-02-15 CVE-2021-43734 Path Traversal vulnerability in Keking Kkfileview 4.0.0
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
network
low complexity
keking CWE-22
5.0