Alkacon OpenCMS 7.0.3 - 'logfileViewSettings.jsp?filePath' Cross-Site Scripting

Related Vulnerabilities: CVE-2008-1300  
Publish Date: 08 Mar 2008
Author: nnposter

Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application fails to properly sanitize user-supplied input.

Attackers can exploit these issues to steal cookie-based authentication credentials, to control how the site is rendered to the user, or to obtain information that could aid in further attacks.

OpenCms 7.0.3 is vulnerable; other versions may also be affected.
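
The two issue classes named above (reflected script injection through `filePath` and file disclosure) are both closed by handling the parameter strictly on the server. The sketch below is an added example, not OpenCms code or the vendor's fix. It assumes the parameter names a file inside a single log directory; `LOG_DIR`, the class name and the method names are hypothetical.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class LogViewParam {
    // Hypothetical log directory; the real location is deployment-specific.
    static final Path LOG_DIR =
        Paths.get("/opt/opencms-example/logs").toAbsolutePath().normalize();

    // Encode a value for HTML text or a quoted attribute before echoing it.
    static String htmlEncode(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Resolve the requested file and reject anything outside LOG_DIR.
    // normalize() is lexical only; compare toRealPath() too if symlinks matter.
    static Path resolveLogFile(String filePath) {
        if (filePath == null || filePath.isEmpty() || filePath.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("missing or malformed filePath");
        }
        Path p = LOG_DIR.resolve(filePath).normalize();
        if (p.equals(LOG_DIR) || !p.startsWith(LOG_DIR)) {
            throw new IllegalArgumentException("filePath outside log directory");
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample values for the filePath request parameter.
        String[] samples = { "opencms.log", "../WEB-INF/web.xml",
                             "/etc/passwd", "\"><b>x</b>" };
        for (String v : samples) {
            String verdict;
            try { resolveLogFile(v); verdict = "accepted"; }
            catch (IllegalArgumentException e) { verdict = "rejected: " + e.getMessage(); }
            // The echoed value is always encoded, whatever the path verdict.
            System.out.println(htmlEncode(v) + " -> " + verdict);
        }
    }
}
```

The last sample passes the lexical path check on a Unix-style filesystem, which is why the output encoding is applied independently of path validation rather than relying on one control to cover both issues.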