468 matches found
CVE-2008-1300
Cross-site scripting XSS vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...
CVE-2008-1301
The CVE-2008-1301 entry concerns Alkacon OpenCms (versions 7.0.3 and 7.0.4). The vulnerability is an absolute path traversal in logfileViewSettings.jsp (path: system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp) that allows remote authenticated administrators to read arbitrary fi...
CVE-2008-1300
CVE-2008-1300 describes a cross-site scripting (XSS) vulnerability in Alkacon OpenCms, specifically in the Logfile Viewer Settings function (system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp) in OpenCms 7.0.3 and 7.0.4. The flaw allows remote attackers to inject arbitrary web s...
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure
Alkacon OpenCms logfileViewSettings.jsp XSS, file disclosure Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a vulnerability in the Logfile Viewer Settings function. Input to Parameter filePath.0 in page opencms/system/workplace/admin/workplace/logfileview/logfileViewSettings.js...
Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp?filePath.0 Arbitrary File Access
Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp?filePath.0 Arbitrary File Access source: https://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the applicatio...
Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp?filePath Cross-Site Scripting
Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp?filePath Cross-Site Scripting source: https://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application...
Alkacon OpenCMS 7.0.3 - 'logfileViewSettings.jsp?filePath.0' Arbitrary File Access
source: https://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application fails to properly sanitize user-supplied input. Attackers can exploit these...
Alkacon OpenCMS 7.0.3 - 'logfileViewSettings.jsp?filePath' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application fails to properly sanitize user-supplied input. Attackers can exploit these...
CVE-2008-1045
Cross-site scripting XSS vulnerability in the file tree navigation function in system/workplace/views/explorer/treefiles.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the file tree navigation function in system/workplace/views/explorer/treefiles.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...
CVE-2008-1045
Alkacon OpenCMS 7.0.3 contains a Cross-site Scripting (XSS) vulnerability in the file tree navigation function (system/workplace/views/explorer/tree_files.jsp). The issue allows remote attackers to inject arbitrary web script or HTML via the resource parameter. No other concrete details (such as ...
CVE-2008-1045
Cross-site scripting XSS vulnerability in the file tree navigation function in system/workplace/views/explorer/treefiles.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter...
Alkacon OpenCms tree_files.jsp resource XSS
Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...
alkacon-xss.txt
Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...
Alkacon OpenCMS 7.0.3 - tree_files.jsp Cross-Site Scripting
Alkacon OpenCMS 7.0.3 - treefiles.jsp Cross-Site Scripting source: https://www.securityfocus.com/bid/27986/info Alkacon OpenCms is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Alkacon OpenCMS 7.0.3 - 'tree_files.jsp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27986/info Alkacon OpenCms is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user...
CVE-2006-3933
Cross-site scripting XSS vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body...
CVE-2006-3936
system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp...
CVE-2006-3935
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to 1 send broadcast messages to all users /workplace/broadcast, 2 list all users /accounts/users, 3 add webusers...
CVE-2006-3934
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter...