Cross-Site Scripting Vulnerability in OpenKM by G2byte
CVE-2014-8957

5.4MEDIUM

Key Information:

Vendor

Openkm

Status
Openkm
Vendor
CVE Published:
6 October 2017

What is CVE-2014-8957?

The identified vulnerability in OpenKM prior to version 6.4.19 allows remote authenticated users to exploit cross-site scripting. By manipulating the Tasks parameter, attackers can inject arbitrary web scripts or HTML, potentially compromising user data and impacting the integrity of the application. Organizations utilizing affected versions should prioritize updates to mitigate this security flaw.

References

http://www.securityfocus.com/bid/73012
vdb-entryx_refsource_BID
https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be
x_refsource_MISC
http://packetstormsecurity.com/files/130723/OpenKM-Stored...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.