CVE-2014-8957

NONE EPSS 65.6%
Published Oct 6, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Oct 6, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.

Threat Intelligence

EPSS Exploit Probability
65.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
openkmopenkm* ≤6.4.18

References 3

  • packetstormsecurity.com http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html
    ExploitThird Party AdvisoryVDB Entry
  • securityfocus.com http://www.securityfocus.com/bid/73012
    Third Party AdvisoryVDB Entry
  • youtube.com https://www.youtube.com/watch?v=3jBQFAAq23k&feature=youtu.be
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.