OpenKM Document Management Community vulnerable to Cross Site Scripting
CVE-2021-3628

4.6MEDIUM

Key Information:

Vendor

Openkm

Status
Document Management Community
Vendor
CVE Published:
27 August 2021

What is CVE-2021-3628?

OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.

Affected Version(s)

Document Management Community 6.3.10

References

https://www.incibe-cert.es/en/early-warning/security-advi...
x_refsource_CONFIRM
https://github.com/openkm/document-management-system/issu...
x_refsource_CONFIRM
https://docs.openkm.com/kcenter/view/okm-6.3-com/migratio...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jorge Gutiérrez Valderrama
.