OpenCMS - Cross-Site Scripting
OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. id: CVE-2023-42343 info: name: OpenCMS - Cross-Site Scripting author: DhiyaneshDK severity: medium description: | OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability. impact: | Unauthenticated attackers...
OpenCMS 14 & 15 - Cross Site Scripting
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. id: CVE-2023-6379 info: name: OpenCMS 14 & 15 - Cross Site Scripting author: msegoviag severity: medium description: | Cross-site scripting (XSS) vulnerability in Alkacon...
OpenCms 14 & 15 - Open Redirect
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template id: CVE-2023-6380 info: name: OpenCms 14 & 15 - Open Redirect author: MiguelSegoviaGil severity: medium description: | Open redirect vulnerability has been found in the Open C...
CVE-2023-42343
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...
Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...
GHSA-RCC6-6Q2F-M2CW Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
GHSA-PJ6P-9P8X-5MFC Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...
Cross-site Scripting (XSS)
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the cmis-online/type process. An attacker can execute arbitrary scripts in the context of a user's browser by...
Cross-site Scripting (XSS)
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the updateModelGroups.jsp process. An attacker can execute arbitrary scripts in the context of a user's browser by...
EUVD-2023-46799
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host...
EUVD-2023-46797
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
GHSA-2887-F3V6-6RJF Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
GHSA-8GPV-C454-3HFC Alkacon OpenCms is vulnerable to XSS via cmis-online/type
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
Alkacon OpenCms is vulnerable to XSS via cmis-online/type
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
XML External Entity (XXE) Injection
Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the cmis-online/query process. An attacker can access sensitive information by submitting specially...