Keking Kkfileview

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Keking Kkfileview.

By the Year

In 2026 there have been 0 vulnerabilities in Keking Kkfileview. Last year, in 2025 Kkfileview had 1 security vulnerability published. Right now, Kkfileview is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	1	9.80
2024	0	0.00
2023	2	6.10
2022	9	6.87

It may take a day or so for new Kkfileview vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Keking Kkfileview Security Vulnerabilities

kkFileView 4.4.0: Unrestricted file upload via /fileUpload (critical)
CVE-2025-4538 9.8 - Critical - May 11, 2025

A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Unrestricted File Upload

kkFileView 4.3.0 Incorrect Access Control Vulnerability
CVE-2023-48815 6.1 - Medium - December 04, 2023

kkFileView v4.3.0 is vulnerable to Incorrect Access Control.

Open Redirect

XSS in kkFileView 4.1.0 OnlinePreviewController via URL param
CVE-2022-46934 6.1 - Medium - February 01, 2023

kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

XSS

kkFileView XSS via setWatermarkAttribute in /picturesPreview
CVE-2022-4740 6.1 - Medium - December 25, 2022

A vulnerability, which was classified as problematic, has been found in kkFileView. Affected by this issue is the function setWatermarkAttribute of the file /picturesPreview. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-216776.

XSS

kkFileView 4.1.0 SSRF via OnlinePreviewController#getCorsFile
CVE-2022-43140 7.5 - High - November 17, 2022

kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.

SSRF

kkFileView 4.0 XSS via controller/FileController
CVE-2022-42147 6.1 - Medium - October 17, 2022

kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.

XSS

kkFileView 4.0 SSRF via OnlinePreviewController
CVE-2022-42149 9.8 - Critical - October 17, 2022

kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.

SSRF

kkFileView v4.1.0 XSS via errorMsg param (CVE-2022-40879)
CVE-2022-40879 6.1 - Medium - September 29, 2022

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'

XSS

Arbitrary File Deletion in kkFileView v4.0.0 via fileName param
CVE-2022-36593 6.5 - Medium - September 02, 2022

kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.

Directory traversal

kkFileView v4.1.0 XSS via URLs/CurrentUrl in OnlinePreviewController (Java)
CVE-2022-35151 6.1 - Medium - August 17, 2022

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.

XSS

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability
CVE-2022-29349 6.1 - Medium - May 25, 2022

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

XSS

kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability
CVE-2021-43734 7.5 - High - February 15, 2022

kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Keking Kkfileview or by Keking? Click the Watch button to subscribe.

Keking
Vendor

Keking Kkfileview
Product

Keking Kkfileview

Don't miss out!

By the Year

Recent Keking Kkfileview Security Vulnerabilities

kkFileView 4.4.0: Unrestricted file upload via /fileUpload (critical) CVE-2025-4538 9.8 - Critical - May 11, 2025

kkFileView 4.3.0 Incorrect Access Control Vulnerability CVE-2023-48815 6.1 - Medium - December 04, 2023

XSS in kkFileView 4.1.0 OnlinePreviewController via URL param CVE-2022-46934 6.1 - Medium - February 01, 2023

kkFileView XSS via setWatermarkAttribute in /picturesPreview CVE-2022-4740 6.1 - Medium - December 25, 2022

kkFileView 4.1.0 SSRF via OnlinePreviewController#getCorsFile CVE-2022-43140 7.5 - High - November 17, 2022

kkFileView 4.0 XSS via controller/FileController CVE-2022-42147 6.1 - Medium - October 17, 2022

kkFileView 4.0 SSRF via OnlinePreviewController CVE-2022-42149 9.8 - Critical - October 17, 2022

kkFileView v4.1.0 XSS via errorMsg param (CVE-2022-40879) CVE-2022-40879 6.1 - Medium - September 29, 2022

Arbitrary File Deletion in kkFileView v4.0.0 via fileName param CVE-2022-36593 6.5 - Medium - September 02, 2022

kkFileView v4.1.0 XSS via URLs/CurrentUrl in OnlinePreviewController (Java) CVE-2022-35151 6.1 - Medium - August 17, 2022

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability CVE-2022-29349 6.1 - Medium - May 25, 2022

kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability CVE-2021-43734 7.5 - High - February 15, 2022