468 matches found
Cross-site Scripting (XSS)
opencms-core is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary script through the search engine form...
Cross-site Scripting (XSS)
opencms-core is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary script through the login form...
Cross-site Scripting (XSS)
opencms-core is vulnerable to cross-site scripting (XSS). Input parameters are not properly sanitized in system/workplace/, allowing multiple XSS attacks in the management interface...
Local File Inclusion (LFI)
opencms-core is vulnerable to local file inclusion (LFI). This is possible because server resources such as clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp are accessible to the attacker...
Alkacon OpenCms Local File Inclusion Vulnerability
Alkacon OpenCms is an open source content management system (CMS) developed in Java. A local file inclusion vulnerability exists in Alkacon OpenCms versions 10.5.4 and 10.5.5, which an attacker can exploit to access server resources...
Alkacon OpenCms Cross-Site Scripting Vulnerability (CNVD-2019-40073)
OpenCms is an open source content management system written in Java and released by the company Alkacon. A cross-site scripting vulnerability exists in the search engine in Alkacon OpenCms 10.5.4 and 10.5.5. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...
Alkacon OpenCms Cross-Site Scripting Vulnerability (CNVD-2019-40072)
OpenCms is an open source content management system written in Java and released by the company Alkacon. A cross-site scripting vulnerability exists in the login form in Alkacon OpenCms 10.5.4 and 10.5.5. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...
Alkacon OpenCms Cross-Site Scripting Vulnerability (CNVD-2019-40077)
OpenCms is an open source content management system written in Java and released by the company Alkacon. Multiple reflected and stored cross-site scripting vulnerabilities exist in the administrative interface of system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5. An attacker can exploit this...
CVE-2019-13236
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface...
CVE-2019-13234
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...
CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...
CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...
Cross site scripting
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface...
Code injection
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form...
Code injection
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine...
Design/Logic Flaw
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...