Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9017

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-9017
Last Modified 11 Mar 2015 03:17:45
Published 11 Mar 2015 10:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-9017

Summary

Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.

Vulnerable Systems

Application

  • Openkm 6.4.18


References

MISC - http://youtu.be/3jBQFAAq23k

FULLDISC - 20150310 [CVE Identifier Updated] OpenKM Platform Remote Reflected Cross Site Scripting

FULLDISC - 20150309 OpenKM Platform Remote Reflected Cross Site Scripting

MISC - http://packetstormsecurity.com/files/130723/OpenKM-Stored-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:08:02