Alkacon Opencms Apollo Template vulnerabilities
3 known vulnerabilities affecting alkacon/opencms_apollo_template.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2019-13234P3MEDIUMCVSS 6.1PoCv10.5.4v10.5.52019-08-27
CVE-2019-13234 [MEDIUM] CWE-79 CVE-2019-13234: In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
nvd
CVE-2019-13235P3MEDIUMCVSS 6.1PoCv10.5.4v10.5.52019-08-27
CVE-2019-13235 [MEDIUM] CWE-79 CVE-2019-13235: In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
nvd
CVE-2019-13237P4MEDIUMCVSS 4.3PoCv10.5.4v10.5.52019-08-27
CVE-2019-13237 [MEDIUM] CWE-22 CVE-2019-13237: In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusio
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
nvd