PT-2023-12230 · Openkm · Openkm

Monkiki

·

Published

2023-02-17

·

Updated

2025-03-18

·

CVE-2021-33950

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions OpenKM version 6.3.10
Description An issue in OpenKM allows attackers to obtain sensitive information via the XMLTextExtractor function.
Recommendations For OpenKM version 6.3.10, consider disabling the XMLTextExtractor function until a patch is available.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2021-33950

Affected Products

Openkm