OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an malicious user to perform a XML external entity injection attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openkm openkm |