Vulnerabilities > Openkm
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-13 | CVE-2023-50072 | Cross-site Scripting vulnerability in Openkm 7.1.40 | A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. | 5.4 |
2023-02-17 | CVE-2021-33950 | XXE vulnerability in Openkm 6.3.10 | An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | 7.5 |
2023-02-07 | CVE-2022-47413 | Cross-site Scripting vulnerability in Openkm 6.3.12 | Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. | 5.4 |
2023-02-07 | CVE-2022-47414 | Cross-site Scripting vulnerability in Openkm 6.3.12 | If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. | 5.4 |
2022-11-13 | CVE-2022-3969 | Unspecified vulnerability in Openkm | A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. | 5.5 |
2022-09-09 | CVE-2022-40317 | Cross-site Scripting vulnerability in Openkm 6.3.11 | OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. | 5.4 |
2022-07-25 | CVE-2022-2131 | XXE vulnerability in Openkm 6.3.10 | OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform an XML external entity injection attack. | 9.8 |
2021-08-30 | CVE-2021-3628 | Cross-site Scripting vulnerability in Openkm 6.3.10 | OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). | 5.4 |
2019-04-22 | CVE-2019-11445 | Unrestricted Upload of File with Dangerous Type vulnerability in Openkm | OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. | 7.2 |
2017-10-06 | CVE-2014-8957 | Cross-site Scripting vulnerability in Openkm 6.4.18 | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | 5.4 |