Cross-Site Scripting Vulnerability in OpenKM by OpenKM
CVE-2014-9017

Currently unrated

Key Information:

Vendor

Openkm

Status
Openkm
Vendor
CVE Published:
11 March 2015

What is CVE-2014-9017?

A cross-site scripting vulnerability exists in OpenKM prior to version 6.4.19 (build 23338) that allows remote authenticated users to inject arbitrary web scripts or HTML. This can occur via the Subject field in a task, potentially compromising user sessions and transferring malicious payloads to unsuspecting users who view these tasks. It is crucial for users of the affected versions to update their systems to mitigate the risk of exploitation.

References

http://seclists.org/fulldisclosure/2015/Mar/51
mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2015/Mar/48
mailing-listx_refsource_FULLDISC
http://youtu.be/3jBQFAAq23k
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.