GHSA-7QQR-3PJ3-Q2F5 XSS issues in the management interface

In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface...

XSS issues in the management interface

In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface...

XSS in login form

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...

GHSA-2P6P-V69P-9MM9 XSS in login form

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...

GHSA-36HF-6HP2-9G4C Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...

Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...

XSS in search engine

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...

GHSA-FXP8-7H5W-H235 XSS in search engine

In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...

Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)

Alkacon OpenCMS 10.5.x - Cross-Site Scripting 2 Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version:...

Alkacon OpenCMS 10.5.x Cross Site Scripting

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...

Alkacon OpenCMS 10.5.x - Local File inclusion

Alkacon OpenCMS 10.5.x - Local File inclusion Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version:...

Alkacon OpenCMS 10.5.x - Cross-Site Scripting

Alkacon OpenCMS 10.5.x - Cross-Site Scripting Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on...

Alkacon OpenCMS 10.5.x Cross Site Scripting

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE : CVE-2019-13234,...

Alkacon OpenCMS 10.5.x - Local File inclusion Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5...

Alkacon OpenCMS 10.5.x Local File Inclusion

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...

Alkacon OpenCMS 10.5.x - Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE...

Alkacon OpenCMS 10.5.x - Cross-Site Scripting Vulnerability (2)

Exploit for multiple platform in category web applications Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5...

Alkacon OpenCMS 10.5.x - Local File inclusion

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...

Alkacon OpenCMS 10.5.x - Cross-Site Scripting

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/apollo-template Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE : CVE-2019-13234,...

Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)

Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: 10.5.x Tested on: 10.5.5 / 10.5.4 CVE :...