Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-1045
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the resource parameter.
Alkacon Opencms 7.0.3
1 EDB exploit
8.8
CVSSv3
CVE-2018-8811
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote malicious users to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS al...
Alkacon Opencms 10.5.3
1 EDB exploit
4.6
CVSSv3
CVE-2018-8815
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote malicious users to inject arbitrary web script or HTML via a malicious SVG image.
Alkacon Opencms 10.5.3
1 EDB exploit
NA
CVE-2008-1753
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
Alkacon Opencms 7.0.3
6.1
CVSSv3
CVE-2023-37602
An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows malicious users to execute arbitrary code via uploading a crafted PNG file.
Alkacon Opencms 15.0.0
5.4
CVSSv3
CVE-2023-31544
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
Alkacon Opencms 11.0
NA
CVE-2015-2351
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workp...
Alkacon Opencms 9.5.1
NA
CVE-2008-1510
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.
Alkacon Opencms 7.0.3
1 EDB exploit
NA
CVE-2013-46001
OpenCMS version 8.5.1 suffers from a cross site scripting vulnerability.
NA
CVE-2019-132351
Alkacon OpenCMS version 10.5.x suffers from multiple cross site scripting vulnerabilities in the Apollo Template.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »