468 matches found
Alkacon OpenCMS 15.0 Cross Site Scripting
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Date: 1/07/2023 Exploit Author: tmrswrr Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: v15.0 POC: 1 Login in demo page , go to this url...
Cross-site Scripting (XSS)
opencms-gwt is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the generateTooltipHtml function of CmsResultItemWidget.java, which allows an attacker to inject and execute malicious javascript or HTML through the Title field under the upload image module...
GHSA-M44F-9JHG-59CR alkacon-OpenCMS vulnerable to stored Cross-site Scripting
A stored cross-site scripting XSS vulnerability in alkacon-OpenCMS v11.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...
alkacon-OpenCMS vulnerable to stored Cross-site Scripting
A stored cross-site scripting XSS vulnerability in alkacon-OpenCMS v11.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...
CVE-2023-31544
A stored cross-site scripting XSS vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...
CVE-2023-31544
A stored cross-site scripting XSS vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...
Alkacon Software OpenCMS 跨站脚本漏洞
Alkacon Software OpenCMS is Germany's Alkacon Software a set of open source Java and XML-based content management system CMS. The system supports template engine, WYSIWYG editor and so on. A security vulnerability exists in Alkacon Software OpenCMS version v11.0.0.0. An attacker can exploit the...
CVE-2023-31544
CVE-2023-31544 describes a stored Cross-site Scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 . The issue arises when a crafted payload is injected into the Title field in the Upload Image module , allowing an attacker to execute arbitrary web scripts or HTML in affected contexts. The C...
CVE-2023-31544
A stored cross-site scripting XSS vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module...
PT-2023-23381 · Alkacon · Alkacon Opencms
Name of the Vulnerable Software and Affected Versions: alkacon-OpenCMS version 11.0.0.0 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module. This enables...
GHSA-C8J6-GQQ8-4PRJ Alkacon OpenCMS XSS via New User module
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
Alkacon OpenCMS XSS via New User module
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...
GHSA-Q693-V7QF-P4XJ Alkacon OpenCMS CSV Injection via New User module
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
Alkacon OpenCMS CSV Injection via New User module
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
GHSA-4GFX-P2J4-W2VH Alkacon OpenCMS XSS via title and requestedResource parameters
Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to system/workplace/views/admin/admin-main.jsp or the 2 requestedResource parameter to system/login/index.html...
de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +101 more potentially affected by CVE-2013-4600 via org.opencms:opencms-core (>=8.0.1 <=8.5.1)
org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.1 and more Source cves: CVE-2013-4600 Source advisory: OSV:GHSA-4GFX-P2J4-W2VH...
Alkacon OpenCMS XSS via title and requestedResource parameters
Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 title parameter to system/workplace/views/admin/admin-main.jsp or the 2 requestedResource parameter to system/login/index.html...
de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2015-2351 via org.opencms:opencms-core (>=8.0.1 <=9.5.1)
org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2015-2351 Source advisory: OSV:GHSA-6C8C-F2W2-JVJR...
GHSA-6C8C-F2W2-JVJR Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, 2 workplaceresource parameter to...
Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
Multiple cross-site scripting XSS vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/helphead.jsp, 2 workplaceresource parameter to...