3 matches found
CVE-2019-13235
CVE-2019-13235 affects Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, with a Cross-Site Scripting (XSS) flaw in the login form. Public sources describe the vulnerability as an XSS in the login workflow, with PoCs showing injection potentially via headers like X-Forwarded-For. NVD metrics list...
CVE-2019-13234
CVE-2019-13234 involves XSS in the Alkacon OpenCms Apollo Template, specifically in the search engine for OpenCms Apollo Template 10.5.4 and 10.5.5. The connected documents confirm a reflected XSS vulnerability in the search endpoint (e.g., parameter q) and also show a related XSS condition in a ...
CVE-2019-13237
CVE-2019-13237 affects Alkacon OpenCms 10.5.4 and 10.5.5, where Local File Inclusion allows access to server resources via multiple JSP endpoints (e.g., loginmessage.jsp, xmlcontentrepair.jsp, history/index.jsp, and others). The root cause is improper access control in resources such as clearhist...