468 matches found
OpenCMS - Cross-Site Scripting
OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. id: CVE-2023-42343 info: name: OpenCMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. impact: | Unauthenticated attackers...
OpenCMS 14 & 15 - Cross Site Scripting
Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. id: CVE-2023-6379 info: name: OpenCMS 14 & 15 - Cross Site Scripting author: msegoviag severity: medium description: | Cross-site scripting XSS vulnerability in Alkacon...
OpenCms 14 & 15 - Open Redirect
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template id: CVE-2023-6380 info: name: OpenCms 14 & 15 - Open Redirect author: MiguelSegoviaGil severity: medium description: | Open redirect vulnerability has been found in the Open C...
CVE-2023-42343
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
EUVD-2023-46797
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
EUVD-2023-46796
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
EUVD-2023-46799
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
GHSA-PJ6P-9P8X-5MFC Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
Alkacon OpenCms is vulnerable to XSS via cmis-online/type
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
GHSA-RCC6-6Q2F-M2CW Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
GHSA-8GPV-C454-3HFC Alkacon OpenCms is vulnerable to XSS via cmis-online/type
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
GHSA-2887-F3V6-6RJF Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
Cross-site Scripting (XSS)
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the cmis-online/type process. An attacker can execute arbitrary scripts in the context of a user's browser by...
XML External Entity (XXE) Injection
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the cmis-online/query process. An attacker can access sensitive information by submitting specially...