Skip to main content

Kkfileview

10 CVEs product

Monthly

CVE-2025-4538 MEDIUM This Month

A vulnerability was found in kkFileView 4.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Kkfileview
NVD VulDB
CVSS 4.0
5.3
EPSS
0.3%
CVE-2023-48815 MEDIUM POC This Month

kkFileView v4.3.0 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-4740 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in kkFileView. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-43140 HIGH POC This Week

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kkfileview
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2022-42147 MEDIUM This Month

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-42149 CRITICAL POC Act Now

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Kkfileview
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2022-40879 MEDIUM POC This Month

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-36593 MEDIUM POC This Month

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kkfileview
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2022-35151 MEDIUM POC This Month

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2022-29349 MEDIUM POC This Month

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in kkFileView 4.4.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass File Upload Kkfileview
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM POC This Month

kkFileView v4.3.0 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Kkfileview
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in kkFileView. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD VulDB
EPSS 2% CVSS 7.5
HIGH POC This Week

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kkfileview
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kkfileview
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Kkfileview
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kkfileview
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC This Month

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kkfileview
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy