4 matches found
CVE-2024-22910
Cross Site Scripting XSS vulnerability in CrushFTP v.10.6.0 and v.10.5.5 allows an attacker to execute arbitrary code via a crafted payload...
GHSA-36HF-6HP2-9G4C Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, groupnew.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp...
Alkacon OpenCms Cross-Site Scripting Vulnerability (CNVD-2019-40072)
OpenCms is Alkacon launched a company written in Java, an open source content management system . A cross-site scripting vulnerability exists in the login form in Alkacon OpenCms 10.5.4, 10.5.5. An attacker can exploit this vulnerability to conduct cross-site scripting attacks...
Alkacon OpenCms Local File Inclusion Vulnerability
Alkacon OpenCms is a set of open source content management system CMS developed using the Java language . A local file inclusion vulnerability exists in Alkacon OpenCms versions 10.5.4 and 10.5.5, which can be exploited by an attacker to access server resources...