CVE-2014-9017

Опубликовано: 11 мар. 2015

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.

Ссылки

http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/48
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2015/Mar/51
Mailing List
Third Party Advisory
http://youtu.be/3jBQFAAq23k
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Mar/48
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2015/Mar/51
Mailing List
Third Party Advisory
http://youtu.be/3jBQFAAq23k
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openkm:openkm:*:*:*:*:professional:*:*:*

Версия до 6.4.18 (включая)

EPSS

Процентиль: 53%

0.00299

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-v8m6-85jc-j592

github

больше 3 лет назад