468 matches found
Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
CVE-2023-42343
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
CVE-2023-42346
CVE-2023-42346 affects Alkacon OpenCms before version 16, where an external-hosted DOCTYPE can trigger a server-side XML External Entity (XXE) vulnerability. The root cause is improper handling of external entities in XML processing, leading to potential exposure of confidential data (CVSS 3.1 ba...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
Alkacon OpenCMS 跨站脚本漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Versions of Alkacon OpenCMS prior to version 16 contained a cross-site scripting vulnerability, which was caused by the updateModelGroups.jsp file allowing for cross-site scripting attacks...
CVE-2023-42345
Affected product: Alkacon OpenCms before 16. Vulnerability: Cross Site Scripting via updateModelGroups.jsp. Root cause not detailed in the provided documents. Impact aligned with CVSS: 6.1 (Medium) with user interaction required. Exploitation status not provided in the sources. No remediation/pat...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
Alkacon OpenCMS 跨站脚本漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Versions of Alkacon OpenCMS prior to 10.5.1 had a cross-site scripting vulnerability, which was caused by the cmis-online/type module being vulnerable to cross-site scripting attacks...
Alkacon OpenCMS 安全漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Previous versions of Alkacon OpenCMS, such as OpenCMS 16, had security vulnerabilities. These vulnerabilities stemmed from XXE attacks when DOCTYPE references external hosts...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
CVE-2023-42343
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...