Monkiki

**Name of the Vulnerable Software and Affected Versions** OpenKM version 6.3.10 **Description** An issue in OpenKM allows attackers to obtain sensitive information via the `XMLTextExtractor` function. **Recommendations** For OpenKM version 6.3.10, consider disabling the `XMLTextExtractor` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenKM version 6.3.11 **Description** The issue allows stored XSS related to the javascript: substring in an A element. This could potentially lead to malicious script execution when a user interacts with the affected element. **Recommendations** For OpenKM version 6.3.11, consider disabling the use of javascript: substrings in A elements until a patch is available. Restrict access to areas where such substrings could be injected to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenKM Community Edition version 6.3.10 **Description** The issue concerns an authenticated Cross-site scripting (XSS) vulnerability. A remote attacker could exploit this by injecting arbitrary code via the `uuid` parameter. **Recommendations** For OpenKM Community Edition version 6.3.10, consider restricting access to the `uuid` parameter to minimize the risk of exploitation until a patch is available.