Vulnerabilities > Openkm > Openkm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-13 | CVE-2023-50072 | Cross-site Scripting vulnerability in Openkm 7.1.40 A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. | 5.4 |
| 2023-02-17 | CVE-2021-33950 | XXE vulnerability in Openkm 6.3.10 An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. | 7.5 |
| 2023-02-07 | CVE-2022-47413 | Cross-site Scripting vulnerability in Openkm 6.3.12 Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. | 5.4 |
| 2023-02-07 | CVE-2022-47414 | Cross-site Scripting vulnerability in Openkm 6.3.12 If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. | 5.4 |
| 2022-11-13 | CVE-2022-3969 | Insecure Temporary File vulnerability in Openkm A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. | 5.5 |
| 2021-08-30 | CVE-2021-3628 | Cross-site Scripting vulnerability in Openkm 6.3.10 OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). | 3.5 |
| 2019-04-22 | CVE-2019-11445 | Unrestricted Upload of File with Dangerous Type vulnerability in Openkm OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. | 9.0 |
| 2017-10-06 | CVE-2014-8957 | Cross-site Scripting vulnerability in Openkm 6.4.18 Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | 3.5 |
| 2015-03-11 | CVE-2014-9017 | Cross-site Scripting vulnerability in Openkm 6.4.18 Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp. | 3.5 |
| 2012-09-09 | CVE-2012-2316 | Cross-Site Request Forgery (CSRF) vulnerability in Openkm 5.1.7/5.1.8 Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp. | 6.8 |