Alkacon OpenCMS 7.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/35979/info OpenCms is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an authenticated attacker to obtain sensitive information, steal cookie-based...
Cross site scripting
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510...
CVE-2008-1753
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510...
CVE-2008-1753
CVE-2008-1753 is an XSS vulnerability in Alkacon OpenCMS 7.0.3, specifically in system/workplace/admin/workplace/sessions.jsp where the searchfilter parameter is not properly sanitized. The issue (different vector from CVE-2008-1510) allows remote attackers to inject arbitrary script/HTML, as doc...
CVE-2008-1753
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510...
alkaconsessions-xss.txt
Alkacon OpenCms sessions.jsp searchfilter XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the active session reporting function. Input to parameter searchfilter in page opencms/system/workplace/admin/workplace/sessions.jsp is not...
Alkacon OpenCms sessions.jsp searchfilter XSS
Alkacon OpenCms sessions.jsp searchfilter XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the active session reporting function. Input to parameter searchfilter in page opencms/system/workplace/admin/workplace/sessions.jsp is not...
CVE-2008-1510
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter...
CVE-2008-1510
CVE-2008-1510 describes a Cross-site scripting (XSS) vulnerability in Alkacon OpenCMS 7.0.3, specifically in the page system/workplace/admin/accounts/users_list.jsp. An attacker can inject arbitrary script/HTML via the (1) searchfilter or (2) listSearchFilter parameters, potentially affecting use...
CVE-2008-1510
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter...
Alkacon OpenCms users_list.jsp searchfilter XSS
Alkacon OpenCms users_list.jsp searchfilter XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the user management function. Input to parameter searchfilter in page opencms/system/workplace/admin/accounts/users_list.jsp is not sufficiently...
Alkacon OpenCMS 7.0.3 - users_list.jsp Multiple Cross-Site Scripting Vulnerabilities
Alkacon OpenCMS 7.0.3 - users_list.jsp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/28411/info Alkacon OpenCms is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker ma...
alkaconopencms-xss.txt
Alkacon OpenCms users_list.jsp searchfilter XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the user management function. Input to parameter searchfilter in page opencms/system/workplace/admin/accounts/users_list.jsp is not sufficiently...
Alkacon OpenCMS 7.0.3 - 'users_list.jsp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/28411/info Alkacon OpenCms is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
alkacon-xssdisclose.txt
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a vulnerability in the Logfile Viewer Settings function. Input to Parameter filePath.0 in page opencms/system/workplace/admin/workplace/logfileview/logfileViewSettings.js...
CVE-2008-1300
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...
Path traversal
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...
CVE-2008-1301
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...
CVE-2008-1301
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...