CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-57244

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.5%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20Fields%20with%20Inconsistent%20Client-Side%20and%20Server-Side%20Validation%20Writeup.md
https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244

Products affected by CVE-2025-57244

Openkm » Openkm » Version: 6.3.12

cpe:2.3:a:openkm:openkm:6.3.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-57244

Products

Pricing

Contact Us