IDCVSSSummaryLast (major) updatePublished
CVE-2014-8957 3.5
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
06-10-2017 - 18:29 06-10-2017 - 18:29
CVE-2014-9017 3.5
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
11-03-2015 - 15:17 11-03-2015 - 10:59
CVE-2012-2316 6.8
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via th
10-09-2012 - 14:25 09-09-2012 - 17:55
CVE-2012-2315 4.0
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
10-09-2012 - 00:00 09-09-2012 - 17:55
CVE-2008-2226 5.0
Unspecified vulnerability in the export feature in OpenKM before 2.0 allows remote attackers to export arbitrary documents via unspecified vectors. NOTE: some of these details are obtained from third party information.
02-04-2009 - 01:34 14-05-2008 - 14:20
Back to Top Mark selected
Back to Top