cvebase

Alkacon Opencms vulnerabilities

32 known vulnerabilities affecting alkacon/opencms.

Total CVEs: 32
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 28, LOW 2

Vulnerabilities

Page 2 of 2
CVE-2024-5520 | P4 | MEDIUM | CVSS 5.4 | v16.0.0, v16 | 2024-05-30
CVE-2024-5520 [MEDIUM] CWE-79: Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the “title” field.
nvd
CVE-2024-41446 | P4 | MEDIUM | CVSS 5.4 | v17.0.0 | 2025-04-21
CVE-2024-41446 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.
nvd
CVE-2023-31544 | P4 | MEDIUM | CVSS 5.4 | v11.0 | 2023-05-16
CVE-2023-31544 [MEDIUM] CWE-79: A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
nvd
CVE-2006-3934 | P4 | MEDIUM | CVSS 4.0 | ≤ 6.2.1, v6.0.0, +4 more | 2006-07-31
CVE-2006-3934 [MEDIUM] CWE-22: Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.
nvd
CVE-2015-2351 | P4 | MEDIUM | CVSS 4.3 | v9.5.1 | 2015-03-19
CVE-2015-2351 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter
nvd
CVE-2005-4475 | P4 | MEDIUM | CVSS 6.8 | v6.0.2, v6.0.3 | 2005-12-22
CVE-2005-4475 [MEDIUM]: Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
nvd
CVE-2013-4600 | P4 | MEDIUM | CVSS 4.3 | ≤ 8.5.1, v6.0.0, +10 more | 2013-08-09
CVE-2013-4600 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.
nvd
CVE-2005-4294 | P4 | MEDIUM | CVSS 4.3 | ≤ 6.0.2, v6.0.0 | 2005-12-16
CVE-2005-4294 [MEDIUM]: Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.
nvd
CVE-2006-3936 | P4 | MEDIUM | CVSS 4.0 | v6.0.0, v6.0.2, +4 more | 2006-07-31
CVE-2006-3936 [MEDIUM]: system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.
nvd
CVE-2008-1753 | P4 | MEDIUM | CVSS 4.3 | v7.0.3 | 2008-04-11
CVE-2008-1753 [MEDIUM]: Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
nvd
CVE-2006-2571 | P4 | LOW | CVSS 2.6 | v6.0.0, v6.0.2, +1 more | 2006-05-24
CVE-2006-2571 [LOW]: Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.
nvd
CVE-2006-3933 | P4 | LOW | CVSS 3.5 | ≤ 6.2.1, v6.0.0, +4 more | 2006-07-31
CVE-2006-3933 [LOW]: Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.
nvd