Known Vulnerabilities for products from Openkm
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Openkm".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-47414 json | If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the do... | 5.4 - MEDIUM | 2023-02-07 | 2023-11-07 |
| CVE-2022-47413 json | Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS c... | 5.4 - MEDIUM | 2023-02-07 | 2023-11-07 |
| CVE-2022-40317 json | OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element. | 5.4 - MEDIUM | 2022-09-09 | 2022-09-14 |
| CVE-2022-3969 json | A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFil... | 5.5 - MEDIUM | 2022-11-13 | 2022-11-17 |
| CVE-2022-2131 json | OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without th... | 9.8 - CRITICAL | 2022-07-25 | 2022-08-01 |
| CVE-2021-33950 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-02-17 | 2023-02-28 |
| CVE-2021-3628 json | OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker c... | 5.4 - MEDIUM | 2021-08-30 | 2021-09-03 |
| CVE-2019-11445 json | OpenKM 6.3.2 through 6.3.7 allows an attacker to upload a malicious JSP file into the /okm:root directories and move that fil... | 7.2 - HIGH | 2019-04-22 | 2019-04-23 |
| CVE-2014-9017 json | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject ar... | 3.5 - LOW | 2015-03-11 | 2017-10-12 |
| CVE-2014-8957 json | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web sc... | 5.4 - MEDIUM | 2017-10-06 | 2017-10-12 |
| CVE-2012-2316 json | Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5... | 6.8 - MEDIUM | 2012-09-09 | 2012-09-10 |
| CVE-2012-2315 json | admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, wh... | 4 - MEDIUM | 2012-09-09 | 2017-08-29 |
| CVE-2008-2226 json | Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents vi... | Not Provided | 2008-05-14 | 2026-04-23 |
Known software with vulnerabilities from Openkm
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openkm | Openkm | 5.1.7 |