CVE-2022-29349
Published 2022-05-25
CVE-2022-29349: kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
Priority P3 · 35 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.68% (74.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| keking | kkfileview | — | — |
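CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |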
No detection rules found.
Nuclei
kkFileView 4.0.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-29349 [MEDIUM] kkFileView 4.0.0 - Cross-Site Scripting
kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
Template:
```yaml
id: CVE-2022-29349

info:
  name: kkFileView 4.0.0 - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    kkFileView 4.0.0 contains multiple cross-site scripting vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Apply the latest security patch or upgrade to a newer ver
```
No writeups or analysis indexed.
Published: 2022-05-25