exploitDog

CVE-2025-57244

Опубликовано: 05 нояб. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.

Ссылки

https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20Fields%20with%20Inconsistent%20Client-Side%20and%20Server-Side%20Validation%20Writeup.md
Broken Link
https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openkm:openkm:6.3.12:*:*:*:community:*:*:*

EPSS

Процентиль: 12%

0.00039

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gqj5-fpvg-f47f

CVSS3: 5.4

github

3 месяца назад

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.

EPSS

Процентиль: 12%

0.00039

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79