Alkacon Opencms vulnerabilities
32 known vulnerabilities affecting alkacon/opencms.
Total CVEs: 32
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 28, LOW 2
Vulnerabilities
Page 2 of 2
CVE-2024-5520 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v16.0.0, v16 | 2024-05-30
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the “title” field.
nvd
CVE-2024-41446 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v17.0.0 | 2025-04-21
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.
nvd
CVE-2023-31544 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v11.0 | 2023-05-16
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
nvd
CVE-2006-3934 | P4 | MEDIUM | CVSS 4.0 | CWE-22 | ≤ 6.2.1, v6.0.0, +4 more | 2006-07-31
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.
nvd
CVE-2015-2351 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v9.5.1 | 2015-03-19
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter
nvd
CVE-2005-4475 | P4 | MEDIUM | CVSS 6.8 | v6.0.2, v6.0.3 | 2005-12-22
Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
nvd
CVE-2013-4600 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 8.5.1, v6.0.0, +10 more | 2013-08-09
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.
nvd
CVE-2005-4294 | P4 | MEDIUM | CVSS 4.3 | ≤ 6.0.2, v6.0.0 | 2005-12-16
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.
nvd
CVE-2006-3936 | P4 | MEDIUM | CVSS 4.0 | v6.0.0, v6.0.2, +4 more | 2006-07-31
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.
nvd
CVE-2008-1753 | P4 | MEDIUM | CVSS 4.3 | v7.0.3 | 2008-04-11
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
nvd
CVE-2006-2571 | P4 | LOW | CVSS 2.6 | v6.0.0, v6.0.2, +1 more | 2006-05-24
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.
nvd
CVE-2006-3933 | P4 | LOW | CVSS 3.5 | ≤ 6.2.1, v6.0.0, +4 more | 2006-07-31
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.
nvd