{"id":"CVE-2021-3628","details":"OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter.","modified":"2026-07-09T01:31:15.380842Z","published":"2021-08-30T18:15:09.753Z","references":[{"type":"ADVISORY","url":"https://docs.openkm.com/kcenter/view/okm-6.3-com/migration-guide.html"},{"type":"ADVISORY","url":"https://www.incibe-cert.es/en/early-warning/security-advisories/openkm-document-management-community-vulnerable-cross-site"},{"type":"FIX","url":"https://github.com/openkm/document-management-system/issues/278"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openkm/document-management-system","events":[{"introduced":"1aaa1f2cade7115a4553e51917b70269a426f9f5"},{"last_affected":"1aaa1f2cade7115a4553e51917b70269a426f9f5"}],"database_specific":{"source":"CPE_STRING","extracted_events":[{"introduced":"6.3.10"},{"last_affected":"6.3.10"}],"cpe":"cpe:2.3:a:openkm:openkm:6.3.10:*:*:*:community:*:*:*"}}],"versions":["6.3.10","v6.3.10"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3628.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}