CVE-2014-9017

NONE EPSS 74.4%
Published Mar 11, 201511y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 11, 2015 11y ago
Last Modified Jun 17, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.

Threat Intelligence

EPSS Exploit Probability
74.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
openkmopenkm* ≤6.4.18

References 4

  • packetstormsecurity.com http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html
    Third Party AdvisoryVDB Entry
  • seclists.org http://seclists.org/fulldisclosure/2015/Mar/48
    Mailing ListThird Party Advisory
  • seclists.org http://seclists.org/fulldisclosure/2015/Mar/51
    Mailing ListThird Party Advisory
  • youtu.be http://youtu.be/3jBQFAAq23k
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.