Vulnerabilities > Openkm > Openkm > 6.4.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-06 | CVE-2014-8957 | Cross-site Scripting vulnerability in Openkm 6.4.18 Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | 3.5 |
| 2015-03-11 | CVE-2014-9017 | Cross-site Scripting vulnerability in Openkm 6.4.18 Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp. | 3.5 |