CVE-2014-8957

CVE-2014-8957

EPSS 1.2%

Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be http://www.securityfocus.com/bid/73012