U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:openkm:openkm:6.3.11:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 2 matching records.
Displaying matches 1 through 2.
Vuln ID Summary CVSS Severity
CVE-2022-3969

A vulnerability was found in OpenKM up to 6.3.11 and classified as problematic. Affected by this issue is the function getFileExtension of the file src/main/java/com/openkm/util/FileUtils.java. The manipulation leads to insecure temporary file. Upgrading to version 6.3.12 is able to address this issue. The name of the patch is c069e4d73ab8864345c25119d8459495f45453e1. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213548.

Published: November 13, 2022; 3:15:15 AM -0500 		V4.0:(not available)
 V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-40317

OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.

Published: September 09, 2022; 1:15:08 PM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)