CVE-2022-4740— kkFileView picturesPreview setWatermarkAttribute cross site scripting

CVSS 3.5 · Low EPSS 0.40% · P61 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-4740

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

kkFileView picturesPreview setWatermarkAttribute cross site scripting

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

kkFileView 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Keking kkFileView是中国凯京科技（Keking）公司的一个 Spring-Boot 打造文件文档在线预览项目。 kkFileView存在跨站脚本漏洞，该漏洞源于其/picturesPreview文件中的setWatermarkAttribute函数允许攻击者实现跨站脚本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	kkFileView	n/a	-

II. Public POCs for CVE-2022-4740

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-4740

请登录查看更多情报信息。

https://vuldb.com/?id.216776vdb-entrytechnical-description
https://vuldb.com/?ctiid.216776signaturepermissions-required
https://gitee.com/kekingcn/file-online-preview/issues/I674ACexploitissue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2022-4740

Same Patch Batch · n/a · 2022-12-25 · 30 CVEs total

CVE-2022-4741	4.3 MEDIUM	docconv XMLToText memory allocation
CVE-2021-4280	4.3 MEDIUM	styler_praat_scripts Slash file_segmenter.praat denial of service
CVE-2022-4736	3.5 LOW	Venganzas del Pasado cross site scripting
CVE-2019-25084	3.5 LOW	Hide Files on GitHub options.js addEventListener cross site scripting
CVE-2022-4731	2.4 LOW	myapnea Title cross site scripting
CVE-2022-44380		Snipe-IT 跨站脚本漏洞
CVE-2022-45896		Planet Enterprises Planet eStream 代码问题漏洞
CVE-2022-44381		Snipe-IT 安全漏洞
CVE-2022-44640		Heimdal 安全漏洞
CVE-2022-45197		slixmpp 信任管理问题漏洞
CVE-2022-45889		Planet Enterprises Planet eStream SQL注入漏洞
CVE-2022-45890		Planet Enterprises Planet eStream 跨站脚本漏洞
CVE-2022-45891		Planet Enterprises Planet eStream SQL注入漏洞
CVE-2022-45892		Planet Enterprises Planet eStream 跨站脚本漏洞
CVE-2022-45893		Planet Enterprises Planet eStream SQL注入漏洞
CVE-2022-45894		Planet Enterprises Planet eStream 路径遍历漏洞
CVE-2022-45895		Planet Enterprises Planet eStream SQL注入漏洞
CVE-2022-44017		Simmeth System Supplier Manager 授权问题漏洞
CVE-2022-44016		Simmeth System Supplier Manager 路径遍历漏洞
CVE-2022-44015		Simmeth System Supplier Manager SQL注入漏洞

Showing top 20 of 30 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: kkFileView

CVE-2025-4538
kkFileView fileUpload unrestricted upload

Same vendor: n/a

Same weakness: CWE-79

V. Comments for CVE-2022-4740

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-4740— kkFileView picturesPreview setWatermarkAttribute cross site scripting

I. Basic Information for CVE-2022-4740

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-4740

III. Intelligence Information for CVE-2022-4740

Same Patch Batch · n/a · 2022-12-25 · 30 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-4740

Leave a comment