Vulnerability Details CVE-2021-3628
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.3%
CVSS Severity
CVSS v3 Score 4.6
CVSS v2 Score 3.5
References
- https://docs.openkm.com/kcenter/view/okm-6.3-com/migration-guide.html
- https://github.com/openkm/document-management-system/issues/278
- https://www.incibe-cert.es/en/early-warning/security-advisories/openkm-document-management-community-vulnerable-cross-site
- https://docs.openkm.com/kcenter/view/okm-6.3-com/migration-guide.html
- https://github.com/openkm/document-management-system/issues/278
- https://www.incibe-cert.es/en/early-warning/security-advisories/openkm-document-management-community-vulnerable-cross-site