Alkacon

Opencms

30 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.48%
  • Published 08.10.2021 15:15:09
  • Last modified 21.11.2024 06:21:15

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.

Exploit
  • EPSS 4.25%
  • Published 27.08.2019 12:15:12
  • Last modified 21.11.2024 04:24:30

In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.

Exploit
  • EPSS 0.2%
  • Published 08.05.2019 16:29:00
  • Last modified 21.11.2024 04:21:49

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

Exploit
  • EPSS 0.24%
  • Published 08.05.2019 16:29:00
  • Last modified 21.11.2024 04:21:49

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or La...

Exploit
  • EPSS 0.19%
  • Published 20.03.2018 07:29:00
  • Last modified 21.11.2024 04:14:22

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.

Exploit
  • EPSS 0.28%
  • Published 20.03.2018 07:29:00
  • Last modified 21.11.2024 04:14:22

Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It i...

Exploit
  • EPSS 0.4%
  • Published 19.03.2015 14:59:03
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head....

Exploit
  • EPSS 0.26%
  • Published 09.08.2013 21:55:07
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource ...

Exploit
  • EPSS 0.34%
  • Published 11.04.2008 21:05:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.

  • EPSS 0.35%
  • Published 25.03.2008 23:44:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.