Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp

Cross-site scripting XSS vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510...

GHSA-4R3G-W24C-GPR6 Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp

Cross-site scripting XSS vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510...

GHSA-4FG8-5HWC-WG5V Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter

Cross-site scripting XSS vulnerability in system/workplace/admin/accounts/userslist.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the 1 searchfilter or 2 listSearchFilter parameter...

Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter

Cross-site scripting XSS vulnerability in system/workplace/admin/accounts/userslist.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the 1 searchfilter or 2 listSearchFilter parameter...

Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...

GHSA-XXJJ-JHGC-R68F Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...

GHSA-V965-WWRQ-GXFG Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp

Cross-site scripting XSS vulnerability in the file tree navigation function in system/workplace/views/explorer/treefiles.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...

Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp

Cross-site scripting XSS vulnerability in the file tree navigation function in system/workplace/views/explorer/treefiles.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...

Alkacon OpenCms Exposes JSP Source Code

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...

Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp

system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to 1 send broadcast messages to all users /workplace/broadcast, 2 list all users /accounts/users, 3 add webusers...

GHSA-V3C3-QR6M-8M7M Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp

system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to 1 send broadcast messages to all users /workplace/broadcast, 2 list all users /accounts/users, 3 add webusers...

GHSA-C5VW-342H-X5RX Alkacon OpenCms Exposes JSP Source Code

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...

Alkacon OpenCms XSS via unsanitized message body

Cross-site scripting XSS vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body...

GHSA-64HC-4JX3-62JP Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter...

GHSA-GJ9C-69CM-7C37 Alkacon OpenCms XSS via unsanitized message body

Cross-site scripting XSS vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body...

Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter...

Alkacon OpenCms XSS via query parameter in a search action

Cross-site scripting XSS vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...

GHSA-PMFX-P95X-CG4P Alkacon OpenCms XSS via query parameter in a search action

Cross-site scripting XSS vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...

Alkacon OpenCms XSS via username during login

Cross-site scripting XSS vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page...

GHSA-G4FC-J79Q-GJRH Alkacon OpenCms XSS via username during login

Cross-site scripting XSS vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page...