openkm openkm vulnerabilities and exploits
NA
CVE-2024-35475
A Cross-Site Request Forgery (CSRF) vulnerability exists in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows a malicious user to manipulate a victim with administrative privileges to execute arbitrary SQL comman...
1 Github repository
5.4
CVSSv3
CVE-2023-50072
A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the...
Openkm Openkm 7.1.40
1 Github repository
7.5
CVSSv3
CVE-2021-33950
An issue discovered in OpenKM v6.3.10 allows malicious users to obtain sensitive information via the XMLTextExtractor function.
Openkm Openkm 6.3.10
5.4
CVSSv3
CVE-2022-47414
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality.
Openkm Openkm 6.3.12
5.4
CVSSv3
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition.
Openkm Openkm 6.3.12
5.5
CVSSv3
CVE-2022-3969
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to an insecure temporary file. Upgrading to version 6.3.12 is able...
Openkm Openkm
5.4
CVSSv3
CVE-2022-40317
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
Openkm Openkm 6.3.11
1 Github repository
9.8
CVSSv3
CVE-2022-2131
OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing a malicious user to perform an XML external entity injection attack.
Openkm Openkm
5.4
CVSSv3
CVE-2021-3628
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter.
Openkm Openkm 6.3.10
7.2
CVSSv3
CVE-2019-11445
OpenKM 6.3.2 up to and including 6.3.7 allows a malicious user to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Fi...
Openkm Openkm