Vulnerabilities > Knowledgetree Document Management > Knowledgetree Document Management > 3.3.6

DATE	CVE	VULNERABILITY TITLE	RISK
2009-01-06	CVE-2008-5858	Cross-Site Scripting vulnerability in Knowledgetree Document Management Knowledgetree Document Management Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281. network knowledgetree-document-management CWE-79	4.3
2009-01-06	CVE-2008-5857	Multiple Unspecified vulnerability in KnowledgeTree The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests. network low complexity knowledgetree-document-management	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.