CVE-2023-50072: n/a in n/a

Medium
Published: Sat Jan 13 2024 (01/13/2024, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS.

AI-Powered Analysis

AI analysis last updated: 07/04/2025, 16:42:31 UTC

Technical Analysis

CVE-2023-50072 is a Stored Cross-Site Scripting (XSS) vulnerability identified in OpenKM version 7.1.40 with the Professional Extension. OpenKM is an enterprise document management system used to store, manage, and share documents digitally. The vulnerability arises because authenticated users can upload notes attached to document files that contain malicious scripts. These scripts are stored persistently and executed in the context of any user who subsequently opens the note associated with the document. This stored XSS flaw allows an attacker to execute arbitrary JavaScript code within the victim's browser session, potentially leading to session hijacking, unauthorized actions, or data theft. The vulnerability requires the attacker to have authenticated access to upload the malicious note, and the victim must interact with the compromised note to trigger the payload. The CVSS 3.1 base score is 5.4 (medium severity), reflecting the network attack vector, low attack complexity, required privileges, and user interaction needed. The scope is changed (S:C), indicating that the vulnerability can affect resources beyond the initially vulnerable component. The impact on confidentiality and integrity is low, with no impact on availability. No known exploits are reported in the wild, and no patches or vendor advisories are currently linked. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS.

Potential Impact

For European organizations using OpenKM 7.1.40 with the Professional Extension, this vulnerability poses a moderate risk. Since OpenKM is used for document management, exploitation could lead to unauthorized access to sensitive documents or leakage of confidential information via session hijacking or credential theft. The requirement for authenticated access limits the attack surface to internal or trusted users, but insider threats or compromised accounts could exploit this. The stored nature of the XSS means multiple users could be affected once the malicious note is uploaded. This could undermine trust in document integrity and confidentiality, disrupt workflows, and potentially lead to compliance violations under GDPR if personal or sensitive data is exposed. The medium severity score indicates that while the vulnerability is not critical, it should be addressed promptly to prevent escalation or lateral movement within networks.

Mitigation Recommendations

European organizations should implement the following specific mitigations:

1) Restrict note upload permissions strictly to trusted and trained users to reduce the risk of malicious payload insertion.
2) Implement input validation and output encoding on note content to neutralize any embedded scripts before storage or rendering.
3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the browser context.
4) Monitor and audit user activities related to document notes for unusual or suspicious behavior.
5) Educate users to be cautious when opening notes, especially from less trusted sources.
6) If possible, upgrade to a newer OpenKM version where this vulnerability is fixed or apply vendor-provided patches once available.
7) Use web application firewalls (WAFs) with rules targeting XSS payload patterns to provide an additional layer of defense.
8) Regularly review and update authentication and session management controls to minimize the impact of session hijacking attempts.
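As an added example for mitigations 2 and 4 (not code from OpenKM or from this advisory), the script below audits stored note bodies and reports any markup outside a small formatting allowlist, including event-handler attributes and non-HTTP link schemes. The note record shape (`id`, `author`, `text`), the allowlist policy and the sample notes are assumptions made for illustration; real input would come from an export of the notes store.

```python
import re
from html.parser import HTMLParser

# Assumed policy: notes need only basic formatting markup.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"href", "title"}
SAFE_SCHEMES = ("http:", "https:", "mailto:")

def safe_url(value):
    # Browsers drop tabs/newlines and leading control chars before reading the scheme.
    url = re.sub(r"[\t\r\n]", "", value or "").lstrip("".join(map(chr, range(33)))).lower()
    head = re.split(r"[/?#]", url, maxsplit=1)[0]
    return ":" not in head or url.startswith(SAFE_SCHEMES)

class NoteAuditor(HTMLParser):
    """Collects markup in one note that falls outside the allowlist."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:  # names arrive lowercased, values entity-decoded
            if name.startswith("on"):
                self.findings.append(f"handler:{tag}.{name}")
            elif name not in ALLOWED_ATTRS:
                self.findings.append(f"attr:{tag}.{name}")
            elif name == "href" and not safe_url(value):
                self.findings.append(f"url:{tag}.{name}")

def audit_note(text):
    auditor = NoteAuditor()
    auditor.feed(text)
    auditor.close()
    return auditor.findings

def flagged_notes(notes):
    """Map note id -> findings for every note that contains disallowed markup."""
    results = {n["id"]: audit_note(n["text"]) for n in notes}
    return {note_id: found for note_id, found in results.items() if found}

# Constructed sample records (hypothetical shape, not OpenKM's schema).
SAMPLE_NOTES = [
    {"id": 1, "author": "alice", "text": "<p>Reviewed, see <a href='https://example.com/spec'>spec</a>.</p>"},
    {"id": 2, "author": "bob", "text": "<p>ok</p><script>alert(1)</script>"},
    {"id": 3, "author": "bob", "text": "<img src=x onerror=alert(1)>"},
    {"id": 4, "author": "carol", "text": "<a href=' java\tscript:alert(1)'>link</a>"},
]
```

A flagged note identifies content to review and an account to investigate; it does not replace output encoding at render time, which is what stops the script from executing.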

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2023-12-04T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683f034a182aa0cae27e660f

Added to database: 6/3/2025, 2:14:34 PM

Last enriched: 7/4/2025, 4:42:31 PM

Last updated: 8/1/2025, 6:50:33 PM
