Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-50072

Published: 13/01/2024 Updated: 19/01/2024
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0

Vulnerability Summary

A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openkm openkm 7.1.40

Github Repositories

https://github.com/ahrixia/CVE-2023-50072

A stored cross-site scripting (XSS) vulnerability exists in OpenKM version 7.1.40.

CVE-2023-50072 A stored cross-site scripting (XSS) vulnerability exists in OpenKM version 7140 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload Any user who opens the note of a document file will trigger the XSS Vulerable Parameter: text Exploit - Proof of Concept (POC) Reflect cross-site s

References

CWE-79https://github.com/ahrixia/CVE-2023-50072https://nvd.nist.govhttps://github.com/ahrixia/CVE-2023-50072
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572CVE-2024-24919CVE-2024-0230CVE-2024-32714HTML injectionlocal file inclusionCVE-2024-31098CVE-2024-31244privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook