468 matches found
Alkacon Software OpenCMS Cross-Site Scripting Vulnerability
Alkacon Software OpenCMS is an open source, Java- and XML-based content management system (CMS) from Germany's Alkacon Software. The system supports a template engine, a WYSIWYG editor and so on. A cross-site scripting vulnerability exists in Alkacon Software OpenCMS versions 14 and 15, which stems from...
The vulnerability of the OpenCMS content management system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the OpenCMS content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the OpenCMS content management system, related to the failure to take measures to neutralize specific elements, allows attackers to influence the confidentiality, integrity, and availability of information.
The vulnerability of the OpenCMS content management system is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and availability of information...
OpenCMS Unauthenticated XXE Vulnerability (CVE-2023-42344)
OpenCms is a popular open-source Java framework developed by Alkacon Software. OpenCms provides a platform for users to design and develop web applications. The latest version of the framework is 16.0. About CVE-2023-42344: CVE-2023-42344 is a critical vulnerability where users can execute code...
The vulnerability of the OpenCMS content management system lies in the improper limitation of XML links to external objects, which allows attackers to execute arbitrary code by sending a specially crafted POST request.
The vulnerability of the OpenCMS content management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted POST request remotely...
PT-2023-7552
Name of the Vulnerable Software and Affected Versions: OpenCMS (affected versions not specified). Description: The issue in OpenCMS is related to the failure to neutralize special elements. This could allow a remote attacker to impact the confidentiality, integrity, and availability of information...
PT-2023-7554
Name of the Vulnerable Software and Affected Versions: OpenCMS (affected versions not specified). Description: The issue is related to the lack of protection for the web page structure in OpenCMS, allowing a remote attacker to conduct cross-site scripting attacks. Recommendations: At the moment, there ...
Cross Site Scripting (XSS)
OpenCms is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to the /workplace!explorer component which allows an attacker to inject and execute arbitrary JavaScript via uploading a crafted SVG file...
GHSA-GHG2-3W9X-9599 Alkacon OpenCMS arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
Alkacon OpenCMS arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
Privilege escalation
An arbitrary file upload vulnerability in the component /workplace!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file...
CVE-2023-37602
CVE-2023-37602 affects Alkacon OpenCMS v15.0, specifically the /workplace#!explorer component. The Arbitrary file upload vulnerability allows an attacker to upload a crafted PNG to execute arbitrary code. The NVD entry reports a CVSS v3.1 base score of 6.1 (Medium) with Network access, Low attack...
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Vulnerability
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS); Exploit Author: tmrswrr; Vendor Homepage: http://www.opencms.org; Software Link: https://github.com/alkacon/opencms-core; Version: v15.0; POC: 1. Login in demo page, go to this url...
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS); Date: 1/07/2023; Exploit Author: tmrswrr; Vendor Homepage: http://www.opencms.org; Software Link: https://github.com/alkacon/opencms-core; Version: v15.0; POC: 1. Login in demo page, go to this url...