18 matches found

Snyk
added 2026/05/08 6:32 a.m. | 7 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the cmis-online/type process. An attacker can execute arbitrary scripts in the context of a user's browser by...

CVSS 6.1 | AI score 5.9 | EPSS 0.0059
Exploits: 0 | References: 2
Snyk
added 2026/05/08 6:32 a.m. | 9 views

XML External Entity (XXE) Injection

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the cmis-online/query process. An attacker can access sensitive information by submitting specially...

CVSS 7.3 | AI score 5.9 | EPSS 0.02231
Exploits: 0 | References: 2
Snyk
added 2026/05/08 6:32 a.m. | 15 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the updateModelGroups.jsp process. An attacker can execute arbitrary scripts in the context of a user's browser by...

CVSS 6.1 | AI score 5.9 | EPSS 0.00149
Exploits: 0 | References: 2
Snyk
added 2026/05/08 6:32 a.m. | 9 views

XML External Entity (XXE) Injection

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process when a declaration references an external host. An attacker can access sensitive...

CVSS 8.7 | AI score 5.9 | EPSS 0.00232
Exploits: 0 | References: 2
Snyk
added 2026/05/05 7:32 p.m. | 6 views

XML External Entity (XXE) Injection

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity (XXE) Injection insecure XML parsing of user-supplied .zip files containing manifest.xml in the Admin Import DB. An attacker...

CVSS 9.8 | AI score 5.9 | EPSS 0.003
Exploits: 0 | References: 2
Snyk
added 2026/02/19 10:9 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the text parameter in POST requests to /blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt. An attacker can...

CVSS 5.4 | AI score 5.6 | EPSS 0.00177
Exploits: 0 | References: 2
Snyk
added 2026/02/19 10:8 a.m. | 4 views

Cross-site Scripting (XSS)

Overview: org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the q parameter in the /search/index.html process. An attacker can execute arbitrary JavaScript code in a victim'...

CVSS 6.1 | AI score 5.5 | EPSS 0.00149
Exploits: 0 | References: 2
vulnersOsv
added 2025/04/21 3:31 p.m. | 6 views

de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2024-42699 via org.opencms:opencms-core (>=8.0.1 <=9.5.3)

org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2024-42699 Source advisory: SNYK:JAVA-ORGOPENCMS-9802334...

CVSS 6.5 | AI score 5.8 | EPSS 0.00288
Exploits: 1
vulnersOsv
added 2025/04/21 3:31 p.m. | 3 views

de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2024-41446 via org.opencms:opencms-core (>=8.0.1 <=9.5.3)

org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2024-41446 Source advisory: SNYK:JAVA-ORGOPENCMS-9802335...

CVSS 5.4 | AI score 5.8 | EPSS 0.00274
Exploits: 1
Veracode
added 2024/06/28 5:40 a.m. | 7 views

Cross-site Scripting (XSS)

org.opencms:opencms-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper validation of .svg files, allowing users with the roles of gallery editor or VFS resource manager to upload images containing JavaScript code, which will be executed when another user accesse...

CVSS 6.4 | AI score 6.4 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1
Veracode
added 2024/06/03 5:26 a.m. | 18 views

Cross-site Scripting (XSS)

org.opencms:opencms-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input validation in the "title" field, allowing users with sufficient privileges to insert and execute malicious JavaScript code through the admin panel...

CVSS 6.4 | AI score 6.3 | EPSS 0.00285
Exploits: 0 | References: 4 | Affected Software: 1
vulnersOsv
added 2022/05/17 5:7 a.m. | 3 views

de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +101 more potentially affected by CVE-2013-4600 via org.opencms:opencms-core (>=8.0.1 <=8.5.1)

org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.1 and more Source cves: CVE-2013-4600 Source advisory: OSV:GHSA-4GFX-P2J4-W2VH...

CVSS 4.3 | AI score 5.8 | EPSS 0.01878
Exploits: 3
vulnersOsv
added 2022/05/14 2:49 a.m. | 4 views

de.eonas.portal.demo:content (=0.1), de.eonas.portal.demo:templates (=0.1) +107 more potentially affected by CVE-2015-2351 via org.opencms:opencms-core (>=8.0.1 <=9.5.1)

org.opencms:opencms-core MAVEN version =8.0.1, =8.5.1.1, =8.5.1.1, =8.0.1, =8.0.1, =8.0.4, =8.5.0, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.0.1, =8.5.0, =8.5.2 and more Source cves: CVE-2015-2351 Source advisory: OSV:GHSA-6C8C-F2W2-JVJR...

CVSS 4.3 | AI score 5.8 | EPSS 0.01906
Exploits: 1
OSV
added 2021/10/12 5:23 p.m. | 28 views

GHSA-G6V7-VQHX-6V6C XML External Entity Reference in org.opencms:opencms-core

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document...

CVSS 6.5 | AI score 6.2 | EPSS 0.01249
Exploits: 1 | References: 6
Veracode
added 2019/08/28 9:39 a.m. | 19 views

Cross-site Scripting (XSS)

opencms-core is vulnerable to a cross-site scripting (XSS) attack. The attacker can inject arbitrary script through the search engine form...

CVSS 6.1 | AI score 2.3 | EPSS 0.02904
Exploits: 5 | References: 4 | Affected Software: 1
Veracode
added 2019/08/28 9:27 a.m. | 22 views

Cross-site Scripting (XSS)

opencms-core is vulnerable to a cross-site scripting (XSS) attack. The attacker can inject arbitrary script through the login form...

CVSS 6.1 | AI score 2.3 | EPSS 0.02904
Exploits: 5 | References: 3 | Affected Software: 1
Veracode
added 2019/08/28 8:41 a.m. | 17 views

Cross-site Scripting (XSS)

opencms-core is vulnerable to a cross-site scripting (XSS) attack. Input parameters are not properly sanitized in system/workplace/, allowing multiple XSS attacks in the management interface...

CVSS 6.1 | AI score 4.5 | EPSS 0.03114
Exploits: 5 | References: 5 | Affected Software: 1
Veracode
added 2019/08/28 8:16 a.m. | 25 views

Local File Inclusion (LFI)

opencms-core is vulnerable to a local file inclusion (LFI) vulnerability. This is possible because server resources such as clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp are accessible by the attacker...

CVSS 4.3 | AI score 3.2 | EPSS 0.07346
Exploits: 5 | References: 4 | Affected Software: 1