Vulmon
openkm openkm vulnerabilities and exploits
5
CVSSv2
CVE-2008-2226
Unspecified vulnerability in the export feature in OpenKM prior to 2.0 allows remote malicious users to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.
Openkm Openkm 1.0
Openkm Openkm 1.1
Openkm Openkm
4
CVSSv2
CVE-2012-2315
admin/Auth in OpenKM 5.1.7 and other versions prior to 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
Openkm Openkm
Openkm Openkm 5.1.8
1 EDB exploit
6.8
CVSSv2
CVE-2012-2316
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions prior to 5.1.8-2 allows remote malicious users to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to ...
Openkm Openkm 5.1.8
Openkm Openkm 5.1.7
1 EDB exploit
3.5
CVSSv2
CVE-2014-8957
Cross-site scripting (XSS) vulnerability in OpenKM prior to 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
Openkm Openkm
3.5
CVSSv2
CVE-2014-9017
Cross-site scripting (XSS) vulnerability in OpenKM prior to 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
Openkm Openkm
NA
CVE-2022-3969
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able...
Openkm Openkm
9
CVSSv2
CVE-2019-11445
OpenKM 6.3.2 up to and including 6.3.7 allows a malicious user to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Fi...
Openkm Openkm
NA
CVE-2022-2131
OpenKM Community Edition in its 6.3.10 version and before used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing a malicious user to perform an XML external entity injection attack.
Openkm Openkm
NA
CVE-2021-33950
An issue discovered in OpenKM v6.3.10 allows malicious users to obtain sensitive information via the XMLTextExtractor function.
Openkm Openkm 6.3.10
NA
CVE-2023-50072
A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the...
Openkm Openkm 7.1.40
1 Github repository