Bloomreach Experience Manager 跨站脚本漏洞

Bloomreach Experience Manager is an application from Bloomreach USA. which provides AI-driven search and merchandising tools. A cross-site scripting vulnerability exists in Bloomreach Experience Manager brXM 4.1.0 through 14.2.2, which stems from the loginmessage parameter allowing XSS in the log...

CVE-2019-13237

In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...