CVE-2014-9017
NONE EPSS 74.4%
Published Mar 11, 201511y ago · Modified Jun 17, 20262w ago
Published Mar 11, 2015 11y ago
Last Modified Jun 17, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
Threat Intelligence
EPSS Exploit Probability
74.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| openkm | openkm | * | ≤6.4.18 |
References 4
- packetstormsecurity.com http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html
- seclists.org http://seclists.org/fulldisclosure/2015/Mar/48
- seclists.org http://seclists.org/fulldisclosure/2015/Mar/51
- youtu.be http://youtu.be/3jBQFAAq23k
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.