Alkacon

Opencms

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2026-2736

  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 08:39:46
  • Zuletzt bearbeitet 23.02.2026 19:15:32

Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerabilit...

5.4

CVE-2026-2735

  • EPSS 0.03%
  • Veröffentlicht 19.02.2026 08:38:31
  • Zuletzt bearbeitet 23.02.2026 19:16:05

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter.

6.5

CVE-2024-42699

Exploit
  • EPSS 0.56%
  • Veröffentlicht 21.04.2025 00:00:00
  • Zuletzt bearbeitet 24.04.2025 16:42:20

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field

5.4

CVE-2024-41446

Exploit
  • EPSS 0.19%
  • Veröffentlicht 21.04.2025 00:00:00
  • Zuletzt bearbeitet 24.04.2025 16:44:22

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

5.4

CVE-2024-41447

Exploit
  • EPSS 0.14%
  • Veröffentlicht 18.04.2025 00:00:00
  • Zuletzt bearbeitet 23.04.2025 17:31:14

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.

6.4

CVE-2024-5521

  • EPSS 0.16%
  • Veröffentlicht 30.05.2024 12:15:11
  • Zuletzt bearbeitet 10.04.2025 19:17:25

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format ...

5.4

CVE-2024-5520

  • EPSS 0.17%
  • Veröffentlicht 30.05.2024 12:15:10
  • Zuletzt bearbeitet 23.04.2025 19:47:13

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code...

6.1

CVE-2023-6380

  • EPSS 37.89%
  • Veröffentlicht 13.12.2023 11:15:07
  • Zuletzt bearbeitet 21.11.2024 08:43:44

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compro...

6.1

CVE-2023-6379

  • EPSS 22.49%
  • Veröffentlicht 13.12.2023 11:15:07
  • Zuletzt bearbeitet 21.11.2024 08:43:44

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially t...

6.1

CVE-2023-37602

Exploit
  • EPSS 0.26%
  • Veröffentlicht 20.07.2023 19:15:10
  • Zuletzt bearbeitet 21.11.2024 08:12:01

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.