468 matches found
CVE-2026-2736 Reflected Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms
Reflected Cross-site Scripting XSS in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...
CVE-2026-2736
Alkacon OpenCms 18.0 is affected by CVE-2026-2736: a reflected XSS vulnerability exploitable by sending a user a malicious URL containing the q parameter in /search/index.html. The issue allows execution of JavaScript in the victim’s browser, enabling potential access to session cookies or action...
CVE-2026-2736 Reflected Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms
Reflected Cross-site Scripting XSS in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...
CVE-2026-2736
Reflected Cross-site Scripting XSS in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...
CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2735 Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2735
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
CVE-2026-2735
CVE-2026-2735 describes a Stored XSS in Alkacon’s OpenCms v18.0. The vulnerability occurs when user input is not properly validated in a POST request to /blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt using the text parameter. According to the record, the impact is limited to the vulnerab...
PT-2026-20772
Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...
Alkacon OpenCMS 跨站脚本漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Version 18.0 of Alkacon OpenCMS contains a cross-site scripting vulnerability. This vulnerability arises from improper input validation of the text parameter when sending a POST request to...
Alkacon OpenCMS 跨站脚本漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Version 18.0 of Alkacon OpenCMS contains a cross-site scripting vulnerability. This vulnerability arises from the unvalidated q parameter in the/search/index.html file, which may lead to reflective cross-site scripti...
PT-2026-20773
Reflected Cross-site Scripting XSS in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user...
OpenCMS - XML external entity (XXE)
users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are...
CVE-2024-41447
A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...
EUVD-2013-4456
Malware in sbrugna...
EUVD-2021-12806
Malware in sbrugna...
EUVD-2009-4471
Malware in sbrugna...
EUVD-2005-4470
Malware in sbrugna...
EUVD-2006-3929
Malware in sbrugna...
EUVD-2008-1308
Malware in sbrugna...