Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
alkacon vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2008-1753
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
Alkacon Opencms 7.0.3
685
VMScore
CVE-2018-8811
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote malicious users to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS al...
Alkacon Opencms 10.5.3
1 EDB exploit
355
VMScore
CVE-2018-8815
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote malicious users to inject arbitrary web script or HTML via a malicious SVG image.
Alkacon Opencms 10.5.3
1 EDB exploit
383
VMScore
CVE-2015-2351
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workp...
Alkacon Opencms 9.5.1
435
VMScore
CVE-2008-1045
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the resource parameter.
Alkacon Opencms 7.0.3
1 EDB exploit
435
VMScore
CVE-2008-1510
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.
Alkacon Opencms 7.0.3
1 EDB exploit
NA
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows malicious users to execute arbitrary code via uploading a crafted PNG file.
Alkacon Opencms 15.0.0
NA
CVE-2023-31544
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
Alkacon Opencms 11.0
383
VMScore
CVE-2009-4505
Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote malicious users to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.
Alkacon Oamp Comments 1.0.1
NA
CVE-2019-132361
Alkacon OpenCMS version 10.5.x suffers from a cross site scripting vulnerability in its site management functionality.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »