CVE-2025-57244

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-57244
OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20Fields%20with%20Inconsistent%20Client-Side%20and%20Server-Side%20Validation%20Writeup.md Broken Link
https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:openkm:openkm:6.3.12:*:*:*:community:*:*:*
History

07 Nov 2025, 19:48

Type Values Removed Values Added
CPE cpe:2.3:a:openkm:openkm:6.3.12:*:*:*:community:*:*:*
First Time Openkm openkm
Openkm
References () https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20Fields%20with%20Inconsistent%20Client-Side%20and%20Server-Side%20Validation%20Writeup.md - () https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20Fields%20with%20Inconsistent%20Client-Side%20and%20Server-Side%20Validation%20Writeup.md - Broken Link
References () https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244 - () https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244 - Exploit, Third Party Advisory

05 Nov 2025, 20:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.4
CWE CWE-79

05 Nov 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-05 17:15

Updated : 2025-11-07 19:48

NVD link : CVE-2025-57244

Mitre link : CVE-2025-57244

CVE.ORG link : CVE-2025-57244

JSON object : View

Products Affected

openkm

  • openkm
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')