468 matches found
CVE-2021-25968
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field...
Cross site scripting
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field...
CVE-2021-25968 OpenCMS - Stored Cross-Site Scripting (XSS) in Sitemap
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field...
CVE-2021-25968
OpenCMS versions 10.5.0–11.0.2 are affected by a stored XSS in the Sitemap functionality. Low-privileged application users can store malicious scripts, which execute in a victim’s browser when the vulnerable page is opened. Exploitation details or patches are not provided in the supplied documents.
Alkacon Software OpenCms Cross-Site Scripting Vulnerability
Alkacon Software OpenCms is a professional, open source, easy-to-use web content management system from Alkacon Software, Germany. A cross-site scripting vulnerability exists in Alkacon Software OpenCMS versions 10.5.0 through 11.0.2, which allows a low-privileged application user to store...
XML External Entity Reference in org.opencms:opencms-core
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document...
GHSA-G6V7-VQHX-6V6C XML External Entity Reference in org.opencms:opencms-core
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document...
Alkacon OpenCms XML External Entity Vulnerability
Alkacon OpenCms is an open source content management system (CMS) developed in Java. Alkacon OpenCms is vulnerable to an XML external entity vulnerability that can be exploited by attackers to steal files from the server's file system by uploading crafted SVG documents...
CVE-2021-3312
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document...
XXE
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document...
CVE-2021-3312
CVE-2021-3312 describes an XML External Entity (XXE) vulnerability in Alkacon OpenCms (11.0, 11.0.1, 11.0.2). The underlying issue allows remote authenticated users with edit privileges to exfiltrate files from the server’s filesystem by uploading a crafted SVG document. The vulnerability is tied...
Alkacon OpenCms Code Issue Vulnerability
Alkacon OpenCms is an open source content management system (CMS) developed in Java. Alkacon OpenCms is vulnerable to an XML external entity vulnerability that can be exploited by attackers to steal files from the server's file system by uploading crafted SVG documents...
OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection
OpenCMS v11.0.2 - CSRF - Login page vulnerable https://vulnerablehost.com/system/login - CSRF needs valid JSESSIONID to work, maybe logged Admin user...
OpenCMS 11.0.2 Cross Site Request Forgery / Open Redirection Vulnerability
OpenCMS v11.0.2 - CSRF - Login page vulnerable https://vulnerablehost.com/system/login - CSRF needs valid JSESSIONID to work, maybe logged Admin user...
XML Entity Injection Vulnerability in Alkacon OpenCms
Alkacon OpenCms is an open source content management system (CMS) developed using the Java language. Alkacon OpenCms suffers from an XML entity injection vulnerability that can be exploited by an attacker to access server resources...
opencms.996256.n3.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1185476 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...