openkm openkm vulnerabilities and exploits
NA
CVE-2008-2226
Unspecified vulnerability in the export feature in OpenKM prior to 2.0 allows remote malicious users to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.
Openkm Openkm 1.1
Openkm Openkm 1.0
Openkm Openkm
NA
CVE-2012-2315
admin/Auth in OpenKM 5.1.7 and other versions prior to 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
Openkm Openkm 5.1.8
Openkm Openkm
1 EDB exploit
NA
CVE-2012-2316
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions prior to 5.1.8-2 allows remote malicious users to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to ...
Openkm Openkm 5.1.7
Openkm Openkm 5.1.8
1 EDB exploit
7.2
CVSSv3
CVE-2019-11445
OpenKM 6.3.2 up to and including 6.3.7 allows a malicious user to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering with the Fi...
Openkm Openkm
5.4
CVSSv3
CVE-2014-8957
Cross-site scripting (XSS) vulnerability in OpenKM prior to 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
Openkm Openkm
NA
CVE-2014-9017
Cross-site scripting (XSS) vulnerability in OpenKM prior to 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
Openkm Openkm
5.5
CVSSv3
CVE-2022-3969
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to an insecure temporary file. Upgrading to version 6.3.12 is able...
Openkm Openkm
9.8
CVSSv3
CVE-2022-2131
OpenKM Community Edition 6.3.10 and earlier used the XMLReader parser in the XMLTextExtractor.java file without the required security flags, allowing a malicious user to perform an XML external entity injection attack.
Openkm Openkm
5.4
CVSSv3
CVE-2021-3628
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter.
Openkm Openkm 6.3.10
7.5
CVSSv3
CVE-2021-33950
An issue discovered in OpenKM v6.3.10 allows malicious users to obtain sensitive information via the XMLTextExtractor function.
Openkm Openkm 6.3.10