4 matches found

Github Security Blog
added 2023/12/13 12:30 p.m. · 7 views

Alkacon OpenCMS XSS via Mercury template

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

CVSS 6.1 · AI score 6.3 · EPSS 0.01767
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/12/13 12:0 a.m. · 4 views

PT-2023-32634 · Alkacon · Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon Software Open CMS versions 14 through 15 of the 'Mercury' template
Description: A cross-site scripting (XSS) issue affects the software, allowing a remote attacker to send a specially crafted JavaScript payload to a victim, potentially...

CVSS 6.1 · AI score 6.1 · EPSS 0.01767
Exploits: 0 · References: 11
OSV
added 2022/05/01 11:38 p.m. · 3 views

GHSA-W3V2-VFRJ-J9G8 Alkacon Open CMS XSS via Logfile Viewer Settings function

Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...

CVSS 5.3 · AI score 6 · EPSS 0.01511
Exploits: 1 · References: 4
Github Security Blog
added 2022/05/01 11:38 p.m. · 7 views

Alkacon Open CMS XSS via Logfile Viewer Settings function

Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...

CVSS 4.3 · AI score 5.4 · EPSS 0.01511
Exploits: 1 · References: 4 · Affected Software: 1