Opencms Security Vulnerabilities and Issues — Opencms CVE List

Lucene search

AlkaconOpencms

11 matches found

CVE•added 2018/03/20 7:29 a.m.•56 views

CVE-2018-8815

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.

4.6CVSS4.5AI score0.00194EPSS

CVE•added 2006/07/31 10:4 p.m.•47 views

CVE-2006-3934

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

4CVSS6.4AI score0.00354EPSS

CVE•added 2006/07/31 10:4 p.m.•47 views

CVE-2006-3936

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

4CVSS6.5AI score0.00404EPSS

CVE•added 2008/03/25 11:44 p.m.•45 views

CVE-2008-1510

Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.

4.3CVSS5.5AI score0.00346EPSS

CVE•added 2013/08/09 9:55 p.m.•45 views

CVE-2013-4600

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.

4.3CVSS5.7AI score0.00256EPSS

CVE•added 2008/03/12 5:44 p.m.•43 views

CVE-2008-1301

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.

4CVSS6.3AI score0.01916EPSS

CVE•added 2015/03/19 2:59 p.m.•42 views

CVE-2015-2351

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/wo...

4.3CVSS5.9AI score0.004EPSS

CVE•added 2005/12/16 11:3 a.m.•39 views

CVE-2005-4294

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.

4.3CVSS5.9AI score0.00527EPSS

CVE•added 2008/02/27 7:44 p.m.•39 views

CVE-2008-1045

Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.

4.3CVSS5.7AI score0.0029EPSS

CVE•added 2008/04/11 9:5 p.m.•38 views

CVE-2008-1753

Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.

4.3CVSS5.5AI score0.00346EPSS

CVE•added 2008/03/12 5:44 p.m.•37 views

CVE-2008-1300

Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a...

4.3CVSS5.7AI score0.00334EPSS