NotCVE - vendor:"Alkacon" product:"Opencms" version:" <= 10.5.4"

Page 2 of 20 results (0.003 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 2

CVE-2018-8815 – OpenCMS 10.5.3 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-8815

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. Vulnerabilidad de Cross-Site Scripting (XSS) en la función gallery en Alkacon OpenCMS 10.5.3 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante una imagen SVG maliciosa. OpenCMS version 10.5.3 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/44392 https://github.com/alkacon/opencms-core/issues/587 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 3

CVE-2015-2351

https://notcve.org/view.php?id=CVE-2015-2351

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter to system/workplace/views/admin/admin-main.jsp, (4) mode parameter to system/workplace/views/explorer/explorer_files.jsp, or (5) query parameter in a search action to system/modules/org.opencms.workplace.help/elements/search.jsp. Múltiples vulnerabilidades XSS en Alkacon OpenCms 9.5.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) parámetro homelink a system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) parámetro workplaceresource a system/workplace/locales/en/help/index.html, (3) parámetro path system/workplace/views/admin/admin-main.jsp, (4) parámetro mode a system/workplace/views/explorer/explorer_files.jsp, or (5) parámetro query en la acción search a system/modules/org.opencms.workplace.help/elements/search.jsp. • http://packetstormsecurity.com/files/130812/Alkacon-OpenCms-9.5.1-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Mar/75 http://www.securityfocus.com/archive/1/534867/100/0/threaded http://www.securityfocus.com/bid/73112 https://github.com/alkacon/opencms-core/issues/304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 2

CVE-2013-4600 – OpenCMS 8.5.1 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2013-4600

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html. Múltiples vulnerabilidades de cross-site scripting (XSS) en Alkacon OpenCms anterior a v8.5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) “title” en system/workplace/views/admin/admin-main.jsp o en el parámetro (2) “requestedResource” en system/login/index.html OpenCMS version 8.5.1 suffers from a cross site scripting vulnerability. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0113.html http://www.opencms.org/en/news/130710-opencms-v852-releasenotes.html https://github.com/alkacon/opencms-core/issues/173 https://www.htbridge.com/advisory/HTB23160 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

CVE-2008-1753

https://notcve.org/view.php?id=CVE-2008-1753

Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en system/workplace/admin/workplace/sessions.jsp en Alkacon OpenCMS 7.0.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro searchfilter, un vector diferente de CVE-2008-1510. • http://securityreason.com/securityalert/3808 http://www.securityfocus.com/archive/1/490498/100/0/threaded http://www.securityfocus.com/archive/1/490710/100/0/threaded http://www.securityfocus.com/bid/28637 https://exchange.xforce.ibmcloud.com/vulnerabilities/41675 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2008-1510 – Alkacon OpenCMS 7.0.3 - 'users_list.jsp' Multiple Cross-Site Scripting Vulnerabilities

https://notcve.org/view.php?id=CVE-2008-1510

Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en system/workplace/admin/accounts/users_list.jsp de Alkacon OpenCMS 7.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) searchfilter o del parámetro (2) listSearchFilter. • https://www.exploit-db.com/exploits/31475 http://securityreason.com/securityalert/3777 http://www.securityfocus.com/archive/1/489984/100/0/threaded http://www.securityfocus.com/bid/28411 https://exchange.xforce.ibmcloud.com/vulnerabilities/41390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4