4 matches found
Alkacon OpenCMS XSS via Mercury template
Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...
PT-2023-32634 · Alkacon · Opencms
Name of the Vulnerable Software and Affected Versions: Alkacon Software Open CMS versions 14 through 15 of the 'Mercury' template Description: A cross-site scripting XSS issue affects the software, allowing a remote attacker to send a specially crafted JavaScript payload to a victim, potentially...
GHSA-W3V2-VFRJ-J9G8 Alkacon Open CMS XSS via Logfile Viewer Settings function
Cross-site scripting XSS vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...
Alkacon Open CMS XSS via Logfile Viewer Settings function
Cross-site scripting XSS vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...