
468 matches found

Vulnrichment
added 2026/05/08 12:0 a.m., 6 views

CVE-2023-42346

Alkacon OpenCms before 16 allows XXE when the refers to an external host...

5.8 AI score, 0.00232 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/08 12:0 a.m., 6 views

Alkacon OpenCMS code issue vulnerability

Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Versions of Alkacon OpenCMS prior to 10.5.1 had code vulnerabilities. These vulnerabilities stemmed from the XXE attack on the Chemistry servlet via cmis-online/query, which could allow unauthorized remote attackers ...

7.3 CVSS, 5.9 AI score, 0.02231 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/08 12:0 a.m., 7 views

CVE-2023-42346

Alkacon OpenCms before 16 allows XXE when the refers to an external host...

5.8 AI score, 0.00232 EPSS
Exploits: 0, References: 2

Cvelist
added 2026/05/08 12:0 a.m., 41 views

CVE-2023-42346

Alkacon OpenCms before 16 allows XXE when the refers to an external host...

0.00232 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/05/08 12:0 a.m., 32 views

CVE-2023-42343

A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...

0.0059 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/05/06 8:22 p.m., 8 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

9.8 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 0, References: 1

Snyk
added 2026/05/05 7:32 p.m., 5 views

XML External Entity (XXE) Injection

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection insecure XML parsing of user-supplied .zip files containing manifest.xml in the Admin Import DB. An attacker...

9.8 CVSS, 5.9 AI score, 0.003 EPSS
Exploits: 0, References: 2

EUVD
added 2026/05/05 6:33 p.m., 6 views

EUVD-2026-27401

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

5.8 AI score, 0.003 EPSS
Exploits: 0, References: 2

NVD
added 2026/05/05 5:17 p.m., 3 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

9.8 CVSS, 0.003 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/05 12:0 a.m., 0 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

5.8 AI score, 0.003 EPSS
Exploits: 0, References: 2

CVE
added 2026/05/05 12:0 a.m., 10 views

CVE-2026-38429

OpenCMS 20 and earlier are affected by a XXE flaw in the Admin Import DB feature due to insecure XML parsing of user-supplied .zip files containing a manifest.xml. The CVE describes a high-severity impact across confidentiality, integrity, and availability (CVSS v3.1: CRITICAL, 9.8). The root cau...

9.8 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/05/05 12:0 a.m., 28 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

0.003 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/05 12:0 a.m., 5 views

CVE-2026-38429

OpenCMS v20 and before is vulnerable to XML External Entity XXE in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml...

5.8 AI score, 0.003 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/05 12:0 a.m., 7 views

PT-2026-37087

Name of the Vulnerable Software and Affected Versions OpenCMS versions prior to 21 Description The Admin Import DB feature is susceptible to XML External Entity XXE, a flaw where an application processes XML input containing a reference to an external entity, potentially allowing unauthorized...

9.8 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 0, References: 8

CNNVD
added 2026/05/05 12:0 a.m., 7 views

opencms security vulnerability

OpenCms is a CMS system developed by Fumiao as an individual developer. OpenCms v20 and earlier versions had security vulnerabilities, which stemmed from insecure XML parsing in the Admin Import DB function. The manifest.xml file provided by users in .zip files could lead to XML external entity...

9.8 CVSS, 5.8 AI score, 0.003 EPSS
Exploits: 0, References: 2

Snyk
added 2026/02/19 10:9 a.m., 3 views

Cross-site Scripting (XSS)

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text parameter in POST requests to /blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt. An attacker can...

5.4 CVSS, 5.6 AI score, 0.00177 EPSS
Exploits: 0, References: 2

Snyk
added 2026/02/19 10:8 a.m., 4 views

Cross-site Scripting (XSS)

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the q parameter in the /search/index.html process. An attacker can execute arbitrary JavaScript code in a victim'...

6.1 CVSS, 5.5 AI score, 0.00149 EPSS
Exploits: 0, References: 2

NVD
added 2026/02/19 9:16 a.m., 5 views

CVE-2026-2735

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

5.4 CVSS, 0.00177 EPSS
Exploits: 0, References: 1

NVD
added 2026/02/19 9:16 a.m., 12 views

CVE-2026-2736

Reflected Cross-site Scripting XSS in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...

6.1 CVSS, 0.00149 EPSS
Exploits: 0, References: 1

OSV
added 2026/02/19 9:16 a.m., 2 views

CVE-2026-2735

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

5.4 CVSS, 5.5 AI score
Exploits: 0, References: 1