Lucene search
K

468 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:25 a.m.8 views

CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...

7.8CVSS7.3AI score0.01001EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:22 a.m.7 views

CVE-2019-13237

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...

4.3CVSS6.8AI score0.07346EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/04/26 5:20 a.m.8 views

CVE-2025-28099

opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,...

4.3CVSS6.8AI score0.00347EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/26 4:46 a.m.34 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS5.5AI score0.00228EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/04/26 4:39 a.m.17 views

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

6.5CVSS6.5AI score0.00312EPSS
Exploits1References1
OSV
OSV
added 2025/04/21 5:15 p.m.3 views

CVE-2025-28099

opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,...

4.3CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2025/04/21 5:15 p.m.23 views

CVE-2025-28099

opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,...

4.3CVSS0.00347EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/04/21 3:31 p.m.8 views

de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2024-42699 via org.opencms:opencms-core (>=8.0.1 <=9.5.3)

org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2024-42699 Source advisory: SNYK:JAVA-ORGOPENCMS-9802334...

6.5CVSS5.8AI score0.00312EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/04/21 3:31 p.m.24 views

OpenCMS Cross-Site Scripting vulnerability

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

6.5CVSS6.5AI score0.00312EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2025/04/21 3:31 p.m.7 views

de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2024-41446 via org.opencms:opencms-core (>=8.0.1 <=9.5.3)

org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2024-41446 Source advisory: SNYK:JAVA-ORGOPENCMS-9802335...

5.4CVSS5.8AI score0.00228EPSS
Exploits1
OSV
OSV
added 2025/04/21 3:31 p.m.1 views

GHSA-7M3W-M5G3-CC88 OpenCMS cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS6AI score0.00228EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/04/21 3:31 p.m.19 views

OpenCMS cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS5.5AI score0.00228EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/04/21 3:15 p.m.39 views

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

6.5CVSS0.00312EPSS
Exploits1References1
NVD
NVD
added 2025/04/21 2:15 p.m.51 views

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

5.4CVSS0.00228EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/21 12:0 a.m.12 views

CVE-2025-28099

opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,...

0.00347EPSS
Exploits1References2
CVE
CVE
added 2025/04/21 12:0 a.m.46 views

CVE-2025-28099

Opencms 2.3 is affected by CVE-2025-28099, a vulnerability in src/main/webapp/view/admin/document/dataPage.jsp that allows Arbitrary file read. The issue stems from the dataPage.jsp handling untrusted input, enabling retrieval of files outside the intended scope. Public references in multiple fee...

4.3CVSS6.8AI score0.00347EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/21 12:0 a.m.4 views

CVE-2025-28099

opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,...

7AI score0.00347EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/04/21 12:0 a.m.13 views

PT-2025-17452 · Opencms · Opencms

Name of the Vulnerable Software and Affected Versions: opencms version 2.3 Description: The issue allows for Arbitrary file read in the src/main/webapp/view/admin/document/dataPage.jsp file. Recommendations: For opencms version 2.3, as a temporary workaround, consider restricting access to the...

4.3CVSS6.1AI score0.00347EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/04/21 12:0 a.m.5 views

Alkacon OpenCMS 安全漏洞

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...

6.5CVSS6.2AI score0.00312EPSS
Exploits1References1
CVE
CVE
added 2025/04/21 12:0 a.m.65 views

CVE-2024-42699

Summary: CVE-2024-42699 is a Cross-Site Scripting (XSS) vulnerability in Alkacon OpenCMS 17.0, exploitable via the Create/Modify article image field title sub-field. The root cause is insufficient input sanitization allowing an attacker to inject JavaScript that is stored and later reflected to u...

6.5CVSS6.6AI score0.00312EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder