kkFileView 4.1.0 contains multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters in /controller/OnlinePreviewController.java.
Template: CVE-2022-35151.yaml
References:
https://github.com/kekingcn/kkFileView/issues/366