- EPSS 23.2%
- Veröffentlicht 22.04.2019 11:29:05
- Zuletzt bearbeitet 21.11.2024 04:21:05
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering...
CVE-2014-8957
- EPSS 0.2%
- Veröffentlicht 06.10.2017 22:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
CVE-2014-9017
- EPSS 0.3%
- Veröffentlicht 11.03.2015 14:59:02
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
- EPSS 8.34%
- Veröffentlicht 09.09.2012 21:55:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
CVE-2012-2316
- EPSS 2.42%
- Veröffentlicht 09.09.2012 21:55:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via th...
- EPSS 0.32%
- Veröffentlicht 14.05.2008 18:20:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.