461 matches found
OpenCMS - Cross-Site Scripting
OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. id: CVE-2023-42343 info: name: OpenCMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. impact: | Unauthenticated attackers...
OpenCMS 14 & 15 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. id: CVE-2023-6379 info: name: OpenCMS 14 & 15 - Cross Site Scripting author: msegoviag severity: medium description: | Cross-site scripting (XSS) vulnerability in Alkacon...
OpenCms 14 & 15 - Open Redirect
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template id: CVE-2023-6380 info: name: OpenCms 14 & 15 - Open Redirect author: MiguelSegoviaGil severity: medium description: | Open redirect vulnerability has been found in the Open C...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...
Cross-site Scripting (XSS)
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the cmis-online/type process. An attacker can execute arbitrary scripts in the context of a user's browser by...
Cross-site Scripting (XSS)
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the updateModelGroups.jsp process. An attacker can execute arbitrary scripts in the context of a user's browser by...
GHSA-PJ6P-9P8X-5MFC Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...
GHSA-RCC6-6Q2F-M2CW Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...
EUVD-2023-46799
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...
GHSA-8GPV-C454-3HFC Alkacon OpenCms is vulnerable to XSS via cmis-online/type
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
GHSA-2887-F3V6-6RJF Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
EUVD-2023-46797
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
XML External Entity (XXE) Injection
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process when a declaration references an external host. An attacker can access sensitive...
XML External Entity (XXE) Injection
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the cmis-online/query process. An attacker can access sensitive information by submitting specially...
Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
Alkacon OpenCms is vulnerable to XSS via cmis-online/type
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
EUVD-2023-46796
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
CVE-2023-42343
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...