Keking: >> Kkfileview >> 4.1.0 Security Vulnerabilities
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-12-04
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
CVSS Score
6.1
EPSS Score
0.087
Published
2023-02-01
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.
CVSS Score
7.5
EPSS Score
0.758
Published
2022-11-17
kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'
CVSS Score
6.1
EPSS Score
0.263
Published
2022-09-29
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
CVSS Score
6.1
EPSS Score
0.153
Published
2022-08-17