4 matches found
CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV aka Excel Macro Injection in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp via the First Name or Last Name...
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter...
Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter...
Alkacon OpenCms XSS via query parameter in a search action
Cross-site scripting XSS vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action...