
| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-01-13 | CVE-2023-50072 | Cross-site Scripting vulnerability in Openkm 7.1.40 | A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. | network | low complexity | openkm | CWE-79 | 5.4 |
| 2023-02-17 | CVE-2021-33950 | XXE vulnerability in Openkm 6.3.10 | An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | network | low complexity | openkm | CWE-611 | 7.5 |
| 2023-02-07 | CVE-2022-47413 | Cross-site Scripting vulnerability in Openkm 6.3.12 | Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. | network | low complexity | openkm | CWE-79 | 5.4 |
| 2023-02-07 | CVE-2022-47414 | Cross-site Scripting vulnerability in Openkm 6.3.12 | If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. | network | low complexity | openkm | CWE-79 | 5.4 |
| 2022-11-13 | CVE-2022-3969 | Insecure Temporary File vulnerability in Openkm | A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. | local | low complexity | openkm | CWE-377 | 5.5 |
| 2021-08-30 | CVE-2021-3628 | Cross-site Scripting vulnerability in Openkm 6.3.10 | OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). | network | | openkm | CWE-79 | 3.5 |
| 2019-04-22 | CVE-2019-11445 | Unrestricted Upload of File with Dangerous Type vulnerability in Openkm | OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. | network | low complexity | openkm | CWE-434 | 9.0 (critical) |
| 2017-10-06 | CVE-2014-8957 | Cross-site Scripting vulnerability in Openkm 6.4.18 | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | network | | openkm | CWE-79 | 3.5 |
| 2015-03-11 | CVE-2014-9017 | Cross-site Scripting vulnerability in Openkm 6.4.18 | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp. | network | | openkm | CWE-79 | 3.5 |
| 2012-09-09 | CVE-2012-2316 | Cross-Site Request Forgery (CSRF) vulnerability in Openkm 5.1.7/5.1.8 | Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. | network | | openkm | CWE-352 | 6.8 |