Vulmon
openkm openkm vulnerabilities and exploits
VMScore: 445
CVE-2008-2226
Unspecified vulnerability in the export feature in OpenKM prior to 2.0 allows remote malicious users to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.
Openkm Openkm 1.0
Openkm Openkm 1.1
Openkm Openkm
VMScore: 405
CVE-2012-2315
admin/Auth in OpenKM 5.1.7 and other versions prior to 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
Openkm Openkm
Openkm Openkm 5.1.8
1 EDB exploit
VMScore: 685
CVE-2012-2316
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions prior to 5.1.8-2 allows remote malicious users to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to ...
Openkm Openkm 5.1.8
Openkm Openkm 5.1.7
1 EDB exploit
VMScore: NA
CVE-2022-2131
OpenKM Community Edition in its 6.3.10 version and before was using the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing a malicious user to perform an XML external entity injection attack.
Openkm Openkm
VMScore: NA
CVE-2022-3969
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able...
Openkm Openkm
VMScore: 312
CVE-2014-9017
Cross-site scripting (XSS) vulnerability in OpenKM prior to 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
Openkm Openkm
VMScore: 801
CVE-2019-11445
OpenKM 6.3.2 up to and including 6.3.7 allows a malicious user to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Fi...
Openkm Openkm
VMScore: 312
CVE-2014-8957
Cross-site scripting (XSS) vulnerability in OpenKM prior to 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
Openkm Openkm
VMScore: NA
CVE-2022-40317
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
Openkm Openkm 6.3.11
1 Github repository
VMScore: NA
CVE-2022-47413
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition.
Openkm Openkm 6.3.12