Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencms vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2008-1301
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.
Alkacon Opencms 7.0.3
Alkacon Opencms 7.0.4
1 EDB exploit
4.3
CVSSv2
CVE-2019-13236
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
Alkacon Opencms 10.5.4
Alkacon Opencms 10.5.5
1 EDB exploit
4.3
CVSSv2
CVE-2019-13234
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
4.3
CVSSv2
CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
4
CVSSv2
CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an malicious user to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/hist...
Alkacon Opencms Apollo Template 10.5.4
Alkacon Opencms Apollo Template 10.5.5
1 EDB exploit
4.3
CVSSv2
CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an malicious user to insert arbitrary JavaScript as user input (First Name or Last Name), which will be ...
Alkacon Opencms
6.8
CVSSv2
CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
Alkacon Opencms
NA
CVE-2023-6379
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote malicious user to send a specially crafted JavaScript payload to a victim and partially take control of...
Alkacon Opencms
NA
CVE-2023-6380
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitat...
Alkacon Opencms
3.5
CVSSv2
CVE-2021-25968
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page cont...
Alkacon Opencms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »