CVE-2025-57244

None

Description

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.

INFO

Published Date :

2025-11-05T00:00:00.000Z

Last Modified :

2025-11-05T19:57:23.140Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2025-57244 vulnerability.

Vendors	Products
Openkm	Openkm

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57244.

URL	Resource
https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20Fields%20with%20Inconsistent%20Client-Side%20and%20Server-Side%20Validation%20Writeup.md
https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact