Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alkacon opencms vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2008-1300
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote malicious users to inject arbitrary web script or HTML via the filePath.0 para...
Alkacon Opencms 7.0.3
Alkacon Opencms 7.0.4
1 EDB exploit
435
VMScore
CVE-2019-13236
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
Alkacon Opencms 10.5.4
Alkacon Opencms 10.5.5
1 EDB exploit
435
VMScore
CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
435
VMScore
CVE-2019-13234
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
405
VMScore
CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an malicious user to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/hist...
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
NA
CVE-2023-6379
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote malicious user to send a specially crafted JavaScript payload to a victim and partially take control of...
Alkacon Opencms
NA
CVE-2023-6380
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitat...
Alkacon Opencms
605
VMScore
CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
Alkacon Opencms
312
VMScore
CVE-2021-25968
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page cont...
Alkacon Opencms
383
VMScore
CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an malicious user to insert arbitrary JavaScript as user input (First Name or Last Name), which will be ...
Alkacon Opencms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »