CVE-2022-35151

Name of the Vulnerable Software and Affected Versions kkFileView version 4.1.0

Description The issue is related to multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities can be exploited via the urls and currentUrl parameters at the /controller/OnlinePreviewController.java endpoint.

Recommendations For kkFileView version 4.1.0, as a temporary workaround, consider restricting access to the /controller/OnlinePreviewController.java endpoint until a patch is available. Avoid using the urls and currentUrl parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.