Vulnerabilidades em OpenKM
7 resultadosCVE-2021-3628MEDIUMOpenKM Document Management Community vulnerable to Cross Site ScriptingEPSS 0.9%CVE-2022-2131HIGHOpenKM XXE InjectionEPSS 0.7%CVE-2026-42785HIGHOpenKM 6.3.12 Remote Code Execution via Administrative ScriptingEPSS 0.7%CVE-2026-42425HIGHOpenKM 6.3.12 Unrestricted SQL Execution via DatabaseQueryEPSS 0.6%CVE-2022-47413MEDIUM
Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition.
EPSS 0.5%CVE-2022-47414MEDIUM
If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" EPSS 0.5%CVE-2026-41917MEDIUMOpenKM 6.3.12 Local File Inclusion via Admin ScriptingEPSS 0.4%