Alkacon Software OpenCMS 跨站脚本漏洞

Alkacon Software OpenCMS is an open source Java and XML based Content Management System CMS from Alkacon Software, Germany. The system supports template engines, WYSIWYG editors, and more. A cross-site scripting vulnerability exists in Alkacon Software OpenCMS version 16, which stems from the...

Cross site scripting

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

CVE-2023-6380 Open Redirect in Alkacon Software OpenCms

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability i...

CVE-2023-6380 Open Redirect in Alkacon Software OpenCms

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability i...

CVE-2023-6379 Cross-site Scripting in Alkacon Software OpenCms

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

CVE-2023-6379

Affected software: Alkacon Software Open CMS (Mercury template) v14–v15. Vulnerability: Cross-site scripting (XSS) via the Mercury template. Unauthenticated attackers can inject arbitrary JavaScript through multiple parameters on OpenCMS Mercury pages, potentially leading to session cookie theft ...

OpenCMS 10.5.3 - Cross-Site Request Forgery

OpenCMS 10.5.3 - Cross-Site Request Forgery Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link...

OpenCMS 10.5.3 Cross Site Scripting

Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...

OpenCMS 10.5.3 Cross Site Request Forgery

Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...

OpenCms 9.5.2 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-063 Product: OpenCms Official Maintainer: Alkacon Software GmbH Affected Versions: 9.5.2 Tested Versions: 9.5.2 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Maintainer Notification:...

Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities

Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 9.5.1 and probably prior Tested Version: 9.5.1 Vendor Notification: Mar 05, 2015 https://github.com/alkacon/opencms-core/issues/304 Vendor Patch: Not Yet No Specific Time-line Public Disclosure: Mar 12, 2015 Vulnerability Type:...

Alkacon OpenCms 9.5.1 Cross Site Scripting

Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 9.5.1 and probably prior Tested Version: 9.5.1 Vendor Notification: Mar 05, 2015 https://github.com/alkacon/opencms-core/issues/304 Vendor Patch: Not Yet No Specific Time-line Public Disclosure: Mar 12, 2015 Vulnerability Type:...

XSS Vulnerabilities in OpenCms

Advisory ID: HTB23160 Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 8.5.1 and probably prior Tested Version: 8.5.1 Vendor Notification: June 12, 2013 Vendor Patch: July 10, 2013 Public Disclosure: July 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...

OpenCMS 8.5.1 Cross Site Scripting Vulnerability

OpenCMS version 8.5.1 suffers from a cross site scripting vulnerability. Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 8.5.1 and probably prior Tested Version: 8.5.1 Vendor Notification: June 12, 2013 Vendor Patch: July 10, 2013 Public Disclosure: July 17, 2013 Vulnerability Type...

OpenCMS 8.5.1 Cross Site Scripting

Advisory ID: HTB23160 Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 8.5.1 and probably prior Tested Version: 8.5.1 Vendor Notification: June 12, 2013 Vendor Patch: July 10, 2013 Public Disclosure: July 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...