CVE-2022-4740
LOWkkFileView - Cross-Site Scripting via setWatermarkAttribute in Pictures Preview
Title source: llmDescription
A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.216776
Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.216776
Exploit, Issue Tracking, Third Party Advisory exploit
issue-tracking
https://gitee.com/kekingcn/file-online-preview/issues/I674AC
Scores
CVSS v3
3.5
EPSS
0.0055
EPSS Percentile
41.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
keking/kkfileview
Published
Dec 25, 2022
Tracked Since
Feb 18, 2026