Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alkacon opencms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-8811
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote malicious users to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS al...
Alkacon Opencms 10.5.3
1 EDB exploit
4.3
CVSSv2
CVE-2008-1510
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.
Alkacon Opencms 7.0.3
1 EDB exploit
4.3
CVSSv2
CVE-2008-1753
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
Alkacon Opencms 7.0.3
4.3
CVSSv2
CVE-2008-1045
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the resource parameter.
Alkacon Opencms 7.0.3
1 EDB exploit
4.3
CVSSv2
CVE-2015-2351
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workp...
Alkacon Opencms 9.5.1
NA
CVE-2023-31544
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
Alkacon Opencms 11.0
NA
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows malicious users to execute arbitrary code via uploading a crafted PNG file.
Alkacon Opencms 15.0.0
3.5
CVSSv2
CVE-2018-8815
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote malicious users to inject arbitrary web script or HTML via a malicious SVG image.
Alkacon Opencms 10.5.3
1 EDB exploit
4.3
CVSSv2
CVE-2009-4505
Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote malicious users to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.
Alkacon Oamp Comments 1.0.1
NA
CVE-2019-132351
Alkacon OpenCMS version 10.5.x suffers from multiple cross site scripting vulnerabilities in the Apollo Template.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »