468 matches found
Cross-site Scripting (XSS)
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the updateModelGroups.jsp process. An attacker can execute arbitrary scripts in the context of a user's browser by...
XML External Entity (XXE) Injection
Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the cmis-online/query process. An attacker can access sensitive information by submitting specially...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
CVE-2023-42343
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
CVE-2023-42346
CVE-2023-42346 affects Alkacon OpenCms before version 16, where an external-hosted DOCTYPE can trigger a server-side XML External Entity (XXE) vulnerability. The root cause is improper handling of external entities in XML processing, leading to potential exposure of confidential data (CVSS 3.1 ba...
CVE-2023-42345
Affected product: Alkacon OpenCms before 16. Vulnerability: Cross Site Scripting via updateModelGroups.jsp. Root cause not detailed in the provided documents. Impact aligned with CVSS: 6.1 (Medium) with user interaction required. Exploitation status not provided in the sources. No remediation/pat...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
CVE-2023-42344
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet...
Alkacon OpenCMS 跨站脚本漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Versions of Alkacon OpenCMS prior to 10.5.1 had a cross-site scripting vulnerability, which was caused by the cmis-online/type module being vulnerable to cross-site scripting attacks...
Alkacon OpenCMS 安全漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Previous versions of Alkacon OpenCMS, such as OpenCMS 16, had security vulnerabilities. These vulnerabilities stemmed from XXE attacks when DOCTYPE references external hosts...
Alkacon OpenCMS 跨站脚本漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Versions of Alkacon OpenCMS prior to version 16 contained a cross-site scripting vulnerability, which was caused by the updateModelGroups.jsp file allowing for cross-site scripting attacks...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the refers to an external host...
CVE-2023-42343
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type...
EUVD-2023-46798
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
CVE-2023-42345
A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp...
Alkacon OpenCMS 代码问题漏洞
Alkacon OpenCMS is a content management system developed by Alkacon Corporation. Versions of Alkacon OpenCMS prior to 10.5.1 had code vulnerabilities. These vulnerabilities stemmed from the XXE attack on the Chemistry servlet via cmis-online/query, which could allow unauthorized remote attackers ...
CVE-2023-42346
Alkacon OpenCms before 16 allows XXE when the refers to an external host...