Vulnerabilities > Keking > Kkfileview > 4.1.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-04 CVE-2023-48815 Open Redirect vulnerability in Keking Kkfileview 4.1.0/4.3.0
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
network
low complexity
keking CWE-601
6.1
6.1
2023-02-01 CVE-2022-46934 Cross-site Scripting vulnerability in Keking Kkfileview 4.1.0
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
network
low complexity
keking CWE-79
6.1
6.1
2022-11-17 CVE-2022-43140 Server-Side Request Forgery (SSRF) vulnerability in Keking Kkfileview 4.1.0
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile.
network
low complexity
keking CWE-918
7.5
7.5
2022-09-29 CVE-2022-40879 Cross-site Scripting vulnerability in Keking Kkfileview 4.1.0
kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'
network
low complexity
keking CWE-79
6.1
6.1
2022-08-17 CVE-2022-35151 Cross-site Scripting vulnerability in Keking Kkfileview 4.1.0
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
network
low complexity
keking CWE-79
6.1
6.1