Alkacon

Opencms

30 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-42699

Exploit
  • EPSS 0.15%
  • Published 21.04.2025 00:00:00
  • Last modified 24.04.2025 16:42:20

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field

5.4

CVE-2024-41446

Exploit
  • EPSS 0.03%
  • Published 21.04.2025 00:00:00
  • Last modified 24.04.2025 16:44:22

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

5.4

CVE-2024-41447

Exploit
  • EPSS 0.03%
  • Published 18.04.2025 00:00:00
  • Last modified 23.04.2025 17:31:14

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.

6.4

CVE-2024-5521

  • EPSS 0.18%
  • Published 30.05.2024 12:15:11
  • Last modified 10.04.2025 19:17:25

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format ...

5.4

CVE-2024-5520

  • EPSS 0.19%
  • Published 30.05.2024 12:15:10
  • Last modified 23.04.2025 19:47:13

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code...

6.1

CVE-2023-6380

  • EPSS 43.28%
  • Published 13.12.2023 11:15:07
  • Last modified 21.11.2024 08:43:44

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compro...

6.1

CVE-2023-6379

  • EPSS 18.62%
  • Published 13.12.2023 11:15:07
  • Last modified 21.11.2024 08:43:44

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially t...

6.1

CVE-2023-37602

Exploit
  • EPSS 0.34%
  • Published 20.07.2023 19:15:10
  • Last modified 21.11.2024 08:12:01

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

5.4

CVE-2023-31544

Exploit
  • EPSS 0.09%
  • Published 16.05.2023 21:15:09
  • Last modified 23.01.2025 18:15:28

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.

5.4

CVE-2021-25968

  • EPSS 0.21%
  • Published 19.10.2021 09:15:07
  • Last modified 21.11.2024 05:55:41

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open t...