OpenKM community Edition Vulnerabilities

Posted: Tue Mar 20, 2018 9:10 am
by PSHREYASHOLLA
Hi,

From which OpenKM Community Edition are the following vulnerabilities fixed:

CVE-2014-8957
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter.


V2: 3.5 LOW
CVE-2014-9017
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
?

Re: OpenKM community Edition Vulnerabilities

Posted: Tue Mar 20, 2018 7:17 pm
by jllort
I think all of these are solved in the Community Edition. We added a class for cleaning XSS.

Re: OpenKM community Edition Vulnerabilities

Posted: Fri Mar 23, 2018 4:38 pm
by pavila
It's supposed to be fixed, but if you can reproduce any of them, please open an issue at https://github.com/openkm/document-mana ... tem/issues

Regards.