
4 matches found

RedhatCVE
added 2025/05/22 7:25 a.m. | 8 views

CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...

CVSS 7.8 | AI score 7.3 | EPSS 0.01001
Exploits: 1 | References: 1
Github Security Blog
added 2022/05/01 11:38 p.m. | 7 views

Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...

CVSS 4 | AI score 6.2 | EPSS 0.02255
Exploits: 1 | References: 5 | Affected Software: 1
Github Security Blog
added 2022/05/01 7:13 a.m. | 8 views

Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter...

CVSS 4 | AI score 6.3 | EPSS 0.01432
Exploits: 1 | References: 7 | Affected Software: 1
Github Security Blog
added 2022/05/01 7:0 a.m. | 6 views

Alkacon OpenCms XSS via query parameter in a search action

Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...

CVSS 2.6 | AI score 5.6 | EPSS 0.01358
Exploits: 1 | References: 4 | Affected Software: 1