Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alkacon opencms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2005-4475
Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and previous versions allows remote malicious users to inject arbitrary web script or HTML via unspecified search parameters.
Alkacon Opencms 6.0.2
Alkacon Opencms 6.0.3
4.3
CVSSv2
CVE-2019-13236
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
Alkacon Opencms 10.5.4
Alkacon Opencms 10.5.5
1 EDB exploit
4.3
CVSSv2
CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
4
CVSSv2
CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an malicious user to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/hist...
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
4.3
CVSSv2
CVE-2019-13234
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
NA
CVE-2023-6379
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote malicious user to send a specially crafted JavaScript payload to a victim and partially take control of...
Alkacon Opencms
NA
CVE-2023-6380
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitat...
Alkacon Opencms
4.3
CVSSv2
CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an malicious user to insert arbitrary JavaScript as user input (First Name or Last Name), which will be ...
Alkacon Opencms
3.5
CVSSv2
CVE-2021-25968
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page cont...
Alkacon Opencms
6.8
CVSSv2
CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
Alkacon Opencms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886
insecure direct object reference
CVE-2024-34342
file inclusion
CVE-2024-34562
CVE-2024-34347
CVE-2024-26026
CVE-2024-4647
unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »