11 matches found

added 2024/05/30 12:15 p.m. | 63 views

CVE-2024-5521

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager to upload images in the .svg format containing JavaScript code. The code will be exec...

6.4 CVSS | 6.6 AI score | 0.0023 EPSS

added 2024/05/30 12:15 p.m. | 56 views

CVE-2024-5520

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the “title” field.

6.4 CVSS | 6.6 AI score | 0.00251 EPSS

added 2023/12/13 11:15 a.m. | 54 views

CVE-2023-6379

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.

6.1 CVSS | 5.8 AI score | 0.18616 EPSS

added 2006/07/31 10:4 p.m. | 50 views

CVE-2006-3933

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.

3.5 CVSS | 5.3 AI score | 0.00387 EPSS

added 2006/07/31 10:4 p.m. | 47 views

CVE-2006-3934

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

4 CVSS | 6.4 AI score | 0.00354 EPSS

added 2013/08/09 9:55 p.m. | 45 views

CVE-2013-4600

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.

4.3 CVSS | 5.7 AI score | 0.00256 EPSS

added 2019/05/08 4:29 p.m. | 45 views

CVE-2019-11818

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the aff...

6.1 CVSS | 5.9 AI score | 0.0024 EPSS

added 2021/10/19 9:15 a.m. | 42 views

CVE-2021-25968

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.

5.4 CVSS | 5 AI score | 0.00206 EPSS

added 2023/12/13 11:15 a.m. | 42 views

CVE-2023-6380

An open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is ...

6.1 CVSS | 6.1 AI score | 0.43282 EPSS

added 2019/05/08 4:29 p.m. | 40 views

CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

7.8 CVSS | 7.8 AI score | 0.00203 EPSS

added 2005/12/16 11:3 a.m. | 39 views

CVE-2005-4294

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.

4.3 CVSS | 5.9 AI score | 0.00527 EPSS