- EPSS 14.48%
- Veröffentlicht 22.04.2019 11:29:05
- Zuletzt bearbeitet 21.11.2024 04:21:05
OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that file to the home directory of the site, via frontend/FileUpload and admin/repository_export.jsp. This is achieved by interfering...
CVE-2014-8957
- EPSS 1.25%
- Veröffentlicht 06.10.2017 22:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
CVE-2014-9017
- EPSS 1.7%
- Veröffentlicht 11.03.2015 14:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
- EPSS 6.22%
- Veröffentlicht 09.09.2012 21:55:07
- Zuletzt bearbeitet 16.06.2026 23:41:20
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
CVE-2012-2316
- EPSS 4.25%
- Veröffentlicht 09.09.2012 21:55:07
- Zuletzt bearbeitet 16.06.2026 23:41:20
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via th...
- EPSS 1.22%
- Veröffentlicht 14.05.2008 18:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:21
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.