468 matches found

Packet Storm
added 2025/04/15 12:0 a.m. · 195 views

OpenCMS 17.0 Cross Site Scripting

OpenCMS version 17.0 suffers from a persistent cross site scripting vulnerability.
Exploit Title: OpenCMS 17.0 - Stored Cross Site Scripting XSS
Date: 24-11-2024
Exploit Author: Siddhartha Naik
Vendor Homepage: http://www.opencms.org/en/
Software Link:...

5.4 CVSS · 6.2 AI score · 0.00211 EPSS
Exploits 3

Exploit DB
added 2025/04/15 12:0 a.m. · 237 views

OpenCMS 17.0 - Stored Cross Site Scripting (XSS)

Exploit Title: OpenCMS 17.0 - Stored Cross Site Scripting XSS
Date: 24-11-2024
Exploit Author: Siddhartha Naik
Vendor Homepage: http://www.opencms.org/en/
Software Link: http://www.opencms.org/en/modules/downloads/begindownload.html?id=dade528f-ec17-11ee-ab97-7fde8b0295e1
Affected Version: 17.0...

5.4 CVSS · 7.4 AI score · 0.00211 EPSS
Exploits 3

RedhatCVE
added 2025/04/08 11:36 a.m. · 16 views

CVE-2025-3317

A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is...

5.3 CVSS · 7.2 AI score · 0.00454 EPSS
Exploits 0 · References 1

NVD
added 2025/04/06 12:15 p.m. · 13 views

CVE-2025-3317

A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is...

5.3 CVSS · 0.00454 EPSS
Exploits 0 · References 3

Vulnrichment
added 2025/04/06 11:31 a.m. · 6 views

CVE-2025-3317 fumiao opencms dataPage.jsp path traversal

A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is...

5.3 CVSS · 6.9 AI score · 0.00454 EPSS
Exploits 0 · References 3

Cvelist
added 2025/04/06 11:31 a.m. · 21 views

CVE-2025-3317 fumiao opencms dataPage.jsp path traversal

A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is...

5.3 CVSS · 0.00454 EPSS
Exploits 0 · References 3

CVE
added 2025/04/06 11:31 a.m. · 69 views

CVE-2025-3317

Fumiao Opencms (up to commit a0fafa5cff58719e9b27c2a2eec204cc165ce14f) contains a path traversal vulnerability in opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The path parameter manipulation allows remote exploitation. No affected version details or fixes are provided in the docu...

5.3 CVSS · 4.8 AI score · 0.00454 EPSS
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2025/04/06 12:0 a.m. · 7 views

PT-2025-15099 · Unknown · Fumiao Opencms

Name of the Vulnerable Software and Affected Versions: fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f Description: A problematic vulnerability has been found in fumiao opencms. The issue affects an unknown function of the file...

5.3 CVSS · 4.5 AI score · 0.00454 EPSS
Exploits 0 · References 7

CNNVD
added 2025/04/06 12:0 a.m. · 3 views

opencms path traversal vulnerability

opencms is a CMS system by the individual developer fumiao. A path traversal vulnerability exists in opencms, which stems from an incorrect operation of the path parameter that can lead to path traversal...

5.3 CVSS · 4.9 AI score · 0.00454 EPSS
Exploits 0 · References 4

NVD
added 2025/01/24 8:15 p.m. · 8 views

CVE-2025-0708

A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross site scripting. The attack can be...

5.4 CVSS · 0.00285 EPSS
Exploits 0 · References 4

Cvelist
added 2025/01/24 8:0 p.m. · 19 views

CVE-2025-0708 fumiao opencms Add Model Management Page addOrUpdate cross site scripting

A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross site scripting. The attack can be...

5.3 CVSS · 0.00285 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/01/24 8:0 p.m. · 7 views

CVE-2025-0708 fumiao opencms Add Model Management Page addOrUpdate cross site scripting

A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross site scripting. The attack can be...

5.3 CVSS · 3.9 AI score · 0.00285 EPSS
Exploits 0 · References 4

CVE
added 2025/01/24 8:0 p.m. · 59 views

CVE-2025-0708

CVE-2025-0708 affects fumiao opencms 2.2. The vulnerability is in the /admin/model/addOrUpdate endpoint, where manipulating the parameter 模板前缀 can trigger cross-site scripting. Exploitation is possible remotely and publicly disclosed. Connected sources confirm the affected component and the root ...

5.4 CVSS · 3.9 AI score · 0.00285 EPSS
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2025/01/24 12:0 a.m. · 6 views

PT-2025-4017 · Unknown · Fumiao Opencms

Name of the Vulnerable Software and Affected Versions: fumiao opencms version 2.2 Description: A vulnerability was found in the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 模板前缀 leads to cross-site scripting. The attack can be initiate...

5.3 CVSS · 4.2 AI score · 0.00285 EPSS
Exploits 0 · References 8

CNNVD
added 2025/01/24 12:0 a.m. · 4 views

opencms code injection vulnerability

opencms is a CMS system by the individual developer fumiao. A code injection vulnerability exists in opencms version 2.2, which originates from the parameter model in the file /admin/model/addOrUpdate that can lead to cross-site scripting...

5.4 CVSS · 4.8 AI score · 0.00285 EPSS
Exploits 0 · References 5

Veracode
added 2024/06/28 5:40 a.m. · 7 views

Cross-site Scripting (XSS)

org.opencms:opencms-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of .svg files, allowing users with the roles of gallery editor or VFS resource manager to upload images containing JavaScript code, which will be executed when another user accesse...

6.4 CVSS · 6.4 AI score · 0.00263 EPSS
Exploits 0 · References 1 · Affected Software 1

Veracode
added 2024/06/03 5:26 a.m. · 18 views

Cross-site Scripting (XSS)

org.opencms:opencms-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input validation in the "title" field, allowing users with sufficient privileges to insert and execute malicious JavaScript code through the admin panel...

6.4 CVSS · 6.3 AI score · 0.00285 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2024/05/30 7:49 p.m. · 20 views

GHSA-VG6X-PCHQ-98MG OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the title field...

6.4 CVSS · 6.7 AI score · 0.00285 EPSS
Exploits 0 · References 4

Github Security Blog
added 2024/05/30 7:49 p.m. · 27 views

OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the title field...

6.4 CVSS · 6.9 AI score · 0.00285 EPSS
Exploits 0 · References 4 · Affected Software 1

NVD
added 2024/05/30 12:15 p.m. · 14 views

CVE-2024-5521

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager to upload images in the .svg format containing JavaScript code. The code will be...

6.4 CVSS · 6.6 AI score · 0.00263 EPSS
Exploits 0 · References 1