Vulnerabilities for 'Openkm'

2017-10-06
 
CVE-2014-8957

 

 
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.

 
2015-03-11
 
CVE-2014-9017

 

 
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.

 
2012-09-09
 
CVE-2012-2316

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp.

 
 
CVE-2012-2315

CWE-264
 

 
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.

 
2008-05-14
 
CVE-2008-2226

CWE-noinfo
 

 
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.

 


Copyright 2017, cxsecurity.com

 
