openkm/document-management-system

openkm/document-management-system

Releases12

Frequency9 months 3 weeks

Last Release 4 months ago

Stars844

OpenKM is a Open Source Document Management System

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-33950 ↗	Feb 17, 2023Friday, 17 February 2023, 18:15	7.5 HIGH	—
An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.
CVE-2022-3969 ↗	Nov 13, 2022Sunday, 13 November 2022, 08:15	2.6 LOW	—
A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548.
CVE-2022-40317 ↗	Sep 9, 2022Friday, 9 September 2022, 17:15	5.4 MEDIUM	—
OpenKM 6.3.11 allows stored XSS related to the javascript&colon; substring in an A element.
CVE-2021-3628 ↗	Aug 30, 2021Monday, 30 August 2021, 18:15	4.6 MEDIUM	3.5 LOW
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.