Kkfileview

kkfileview

Vendor: Keking • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-4538 1Keking 1Kkfileview Jun 16, 2025 May 11, 2025 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible...Show more A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-48815 1Keking 1Kkfileview Nov 21, 2024 Dec 4, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
CVE-2022-46934 1Keking 1Kkfileview Mar 27, 2025 Feb 1, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
CVE-2022-4740 1Keking 1Kkfileview Nov 21, 2024 Dec 25, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scriptin...Show more A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.Show less
CVE-2022-43140 1Keking 1Kkfileview Apr 30, 2025 Nov 17, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the applicatio...Show more kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.Show less
CVE-2022-42147 1Keking 1Kkfileview May 14, 2025 Oct 17, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
CVE-2022-42149 1Keking 1Kkfileview May 14, 2025 Oct 17, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.
CVE-2022-40879 1Keking 1Kkfileview May 20, 2025 Sep 29, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'
CVE-2022-36593 1Keking 1Kkfileview Nov 21, 2024 Sep 2, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.
CVE-2022-35151 1Keking 1Kkfileview Nov 21, 2024 Aug 17, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
CVE-2022-29349 1Keking 1Kkfileview Nov 21, 2024 May 25, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
CVE-2021-43734 1Keking 1Kkfileview Nov 21, 2024 Feb 15, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.