CVE-2014-8957
NONE EPSS 65.6%
Published Oct 6, 20178y ago · Modified Jun 17, 20262w ago
Published Oct 6, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.
Threat Intelligence
EPSS Exploit Probability
65.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| openkm | openkm | * | ≤6.4.18 |
References 3
- packetstormsecurity.com http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html
- securityfocus.com http://www.securityfocus.com/bid/73012
- youtube.com https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.