OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.
References
Link | Resource |
---|---|
https://docs.openkm.com/kcenter/view/okm-6.3-com/migration-guide.html | Release Notes Vendor Advisory |
https://github.com/openkm/document-management-system/issues/278 | Issue Tracking Patch Third Party Advisory |
https://www.incibe-cert.es/en/early-warning/security-advisories/openkm-document-management-community-vulnerable-cross-site | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCIBE
Published: 2021-08-27T00:00:00
Updated: 2021-08-30T17:06:59
Reserved: 2021-06-29T00:00:00
Link: CVE-2021-3628
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-30T18:15:09.753
Modified: 2021-09-03T14:48:15.810
Link: CVE-2021-3628
JSON object: View
Redhat Information
No data.
CWE