
CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 2

Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045.

• https://www.exploit-db.com/exploits/31365
• http://secunia.com/advisories/29278
• http://securityreason.com/securityalert/3731
• http://www.securityfocus.com/archive/1/489291/100/0/threaded
• http://www.securityfocus.com/bid/28152
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41095
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.0 | EPSS: 1% | CPEs: 2 | EXPL: 2

Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.

• https://www.exploit-db.com/exploits/31366
• http://secunia.com/advisories/29278
• http://securityreason.com/securityalert/3731
• http://www.securityfocus.com/archive/1/489291/100/0/threaded
• http://www.securityfocus.com/bid/28152
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41096
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.

• https://www.exploit-db.com/exploits/31299
• http://secunia.com/advisories/29121
• http://securityreason.com/securityalert/3702
• http://www.securityfocus.com/archive/1/488708/100/0/threaded
• http://www.securityfocus.com/bid/27986
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 | EPSS: 0% | CPEs: 6 | EXPL: 2

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.

• http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt
• http://secunia.com/advisories/21193
• http://securityreason.com/securityalert/1302
• http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip
• http://www.opencms.org/opencms/en/shownews.html?id=1002
• http://www.securityfocus.com/archive/1/441182/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28033

CVSS: 4.0 | EPSS: 0% | CPEs: 6 | EXPL: 2

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

• http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt
• http://secunia.com/advisories/21193
• http://securityreason.com/securityalert/1302
• http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip
• http://www.opencms.org/opencms/en/shownews.html?id=1002
• http://www.securityfocus.com/archive/1/441182/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/28000
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')