Stored Cross-Site Scripting Vulnerability in OpenKM Document Management System
CVE-2022-47413

5.4 MEDIUM

Key Information:

Vendor: OpenKM

Status
Vendor
CVE Published: 7 February 2023

What is CVE-2022-47413?

The OpenKM Document Management System is susceptible to a stored XSS attack due to insufficient input sanitization. Attackers can exploit this vulnerability by submitting a malicious document that could be stored on the server. When accessed by users, the malicious payload is executed in their browsers, potentially compromising sensitive information and leading to unauthorized actions. Organizations using OpenKM DMS should assess their exposure to this vulnerability and implement appropriate security measures to mitigate potential risks.

Affected Version(s)

OpenKM 6.3.12

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Kienow