PT-2022-25345 · Openkm · Openkm

Monkiki · Published 2022-09-09 · Updated 2022-09-14 · CVE-2022-40317

CVSS v3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: OpenKM version 6.3.11

Description: The issue allows stored XSS related to the javascript: substring in an A element. This could potentially lead to malicious script execution when a user interacts with the affected element.

Recommendations: For OpenKM version 6.3.11, consider disabling the use of javascript: substrings in A elements until a patch is available. Restrict access to areas where such substrings could be injected to minimize the risk of exploitation.
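One way to apply the recommendation when rendering user-supplied links, shown as an added example that is not OpenKM code or an OpenKM patch: parse the href the way a browser does and allowlist its scheme, rather than searching for the javascript: substring. The function names, the allowed schemes, the base URL and the sample inputs are all assumptions constructed for illustration.

```javascript
// Added example (not OpenKM code): decide whether an href may be rendered
// in an <a> element by allowlisting the parsed scheme.

// Assumption: only these schemes are needed in user-supplied links.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Hypothetical base URL, used only so relative links can be resolved.
const BASE = "https://openkm.example.invalid/";

// Substring filter, shown for contrast. It is case sensitive, ignores the
// normalization a browser applies, and also rejects harmless URLs that
// merely contain the text in a query string.
function substringFilter(href) {
  return !href.includes("javascript:");
}

// Scheme allowlist. The WHATWG URL parser strips leading control characters
// and spaces, removes tabs and newlines, and lowercases the scheme, so
// url.protocol is what the browser will act on when the link is followed.
function isSafeHref(href) {
  if (typeof href !== "string") return false;
  let url;
  try {
    url = new URL(href, BASE);
  } catch {
    return false; // unparseable input is rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Constructed sample values, not taken from the advisory.
const SAMPLES = [
  "https://example.invalid/doc/42",
  "/frontend/index.jsp",
  "mailto:admin@example.invalid",
  "https://example.invalid/search?q=javascript:",
  "javascript:void(0)",
  " JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:text/html,x",
];

function classify(samples) {
  return samples.map((href) => ({ href, allowed: isSafeHref(href) }));
}

console.log(classify(SAMPLES));
```

The check belongs at render time as well as at input time, so that values stored before the filter was introduced are covered too.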

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-40317

Affected Products: Openkm