468 matches found
CVE-2024-5521
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with the gallery editor or VFS resource manager role to upload images in the .svg format containing JavaScript code. The code will be...
CVE-2024-5520
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the “title” field...
CVE-2024-5521 Cross-Site Scripting stored in Alkacon OpenCMS
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with the gallery editor or VFS resource manager role to upload images in the .svg format containing JavaScript code. The code will be...
CVE-2024-5521
The CVE-2024-5521 entry describes stored Cross-Site Scripting in Alkacon OpenCMS 16 via SVG file uploads. The root cause is improper validation of .svg images, which, when uploaded by users with gallery editor or VFS resource manager roles, allows JavaScript in the SVG to execute when another use...
CVE-2024-5520 Cross-Site Scripting stored in Alkacon OpenCMS
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the “title” field...
CVE-2024-5520
OpenCMS 16 by Alkacon has two stored Cross-Site Scripting vulnerabilities affecting the title field that let users with sufficient privileges create/modify pages and execute malicious JavaScript when pages are viewed. The issue arises from insufficient input validation in the title field. Several...
PT-2024-36493 · Alkacon · Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon's OpenCMS version 16 Description: Two Cross-Site Scripting issues have been discovered in Alkacon's OpenCMS, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicio...
Alkacon Software OpenCMS Cross-Site Scripting Vulnerability
Alkacon Software OpenCMS is an open source Java and XML based Content Management System (CMS) from Alkacon Software, Germany. The system supports template engines, WYSIWYG editors, and more. A cross-site scripting vulnerability exists in Alkacon Software OpenCMS version 16, which stems from a store...
PT-2024-36494 · Opencms · Opencms
Name of the Vulnerable Software and Affected Versions: OpenCMS version 16 Description: The issue allows a user with the roles of gallery editor or VFS resource manager to upload images in the .svg format containing JavaScript code. This code will be executed when another user accesses the image...
OpenCMS < 10.5.1 Multiple Vulnerabilities
According to its self-reported version number, the detected OpenCMS application is affected by multiple vulnerabilities: - An unauthenticated XML External Entity that an attacker can leverage to achieve Remote Code Execution - An unauthenticated Cross-Site Scripting (XSS) vulnerability in the id parameter...
OpenCMS < 16.0 Multiple Vulnerabilities
According to its self-reported version number, the detected OpenCMS application is affected by multiple vulnerabilities: - An authenticated Cross-Site Scripting (XSS) vulnerability in the basePath parameter - An unauthenticated Apache Solr Injection in the query parameter Note that the scanner has not...
VulnCheck KEV: CVE-2023-42344
OpenCMS is vulnerable to an unauthenticated external entity vulnerability that could allow for code execution via malicious requests to the OpenCMS server...
GHSA-W62V-Q77R-66CC Alkacon OpenCMS XSS via Mercury template
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...
CVE-2023-6380 Open Redirect in Alkacon Software OpenCms
An open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability i...
CVE-2023-6379 Cross-site Scripting in Alkacon Software OpenCms
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...