CVE-2025-57244 — MEDIUM (5.4)

Vulnerability Description

OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Openkm	Openkm	6.3.12

Related Weaknesses (CWE)

CWE-79

References

https://github.com/wolffangsecurity/CVEs/blob/main/Stored%20XSS%20via%20Input%20Broken Link
https://github.com/wolffangsecurity/CVEs/tree/main/CVE-2025-57244ExploitThird Party Advisory

FAQ

What is CVE-2025-57244?

CVE-2025-57244 is a vulnerability with a CVSS score of 5.4 (MEDIUM). OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the...

How severe is CVE-2025-57244?

CVE-2025-57244 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-57244?

Check the references section above for vendor advisories and patch information. Affected products include: Openkm Openkm.