CVE-2021-3628

OpenKM Document Management Community vulnerable to Cross Site Scripting

CVSS 4.6 MEDIUMEPSS 0.9%CWE-79

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4.6EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

30 ago 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Productos afectados

OpenKM · Document Management Community

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://docs.openkm.com/kcenter/view/okm-6.3-com/migration-guide.html https://github.com/openkm/document-management-system/issues/278 https://www.incibe-cert.es/en/early-warning/security-advisories/openkm-document-management-community-vulnerable-cross-site