468 matches found
Alkacon OpenCMS 安全漏洞
Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...
CVE-2024-41446
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
CVE-2025-28099
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,...
PT-2025-17452 · Opencms · Opencms
Name of the Vulnerable Software and Affected Versions: opencms version 2.3 Description: The issue allows for Arbitrary file read in the src/main/webapp/view/admin/document/dataPage.jsp file. Recommendations: For opencms version 2.3, as a temporary workaround, consider restricting access to the...
CVE-2024-42699
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...
PT-2025-17444 · Alkacon · Alkacon Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A Cross Site Scripting vulnerability in the Create/Modify article function allows a remote attacker to inject a javascript payload via the image title sub-field in the image field. Recommendations: Fo...
CVE-2024-42699
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...
CVE-2024-41446
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
PT-2025-17435 · Alkacon · Alkacon Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A stored cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article...
Alkacon OpenCMS 安全漏洞
Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from the presence of stored cross-site scripting in the image parameter of the Create/Modify article function, which could lead to the execution of arbitra...
opencms 安全漏洞
opencms is a CMS system of fumiao individual developer. A security vulnerability exists in opencms V2.3, which originates from the file src/main/webapp/view/admin/document/dataPage.jsp being read by an arbitrary file...
de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2024-41447 via org.opencms:opencms-core (>=8.0.1 <=9.5.3)
org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2024-41447 Source advisory: SNYK:JAVA-ORGOPENCMS-9802336...
GHSA-VQ95-6X79-QV8J Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
CVE-2024-41447
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
CVE-2024-41447
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
CVE-2024-41447
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
CVE-2024-41447
CVE-2024-41447 — Alkacon OpenCMS 17.0 stored XSS . A stored cross-site scripting flaw exists in the author parameter used in the Create/Modify article workflow, allowing an attacker to inject arbitrary web scripts/HTML. The vulnerability affects OpenCMS v17.0 and can be triggered by crafted paylo...
PT-2025-17320 · Alkacon · Alkacon Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
CVE-2024-41447
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...