CVE-2018-8815 – OpenCMS 10.5.3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-8815
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. OpenCMS version 10.5.3 suffers from a cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/44392
• https://github.com/alkacon/opencms-core/issues/587
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-2351
https://notcve.org/view.php?id=CVE-2015-2351
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter to system/workplace/views/admin/admin-main.jsp, (4) mode parameter to system/workplace/views/explorer/explorer_files.jsp, or (5) query parameter in a search action to system/modules/org.opencms.workplace.help/elements/search.jsp.
• http://packetstormsecurity.com/files/130812/Alkacon-OpenCms-9.5.1-Cross-Site-Scripting.html
• http://seclists.org/fulldisclosure/2015/Mar/75
• http://www.securityfocus.com/archive/1/534867/100/0/threaded
• http://www.securityfocus.com/bid/73112
• https://github.com/alkacon/opencms-core/issues/304
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4600 – OpenCMS 8.5.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-4600
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html. OpenCMS version 8.5.1 suffers from a cross-site scripting vulnerability.
• http://archives.neohapsis.com/archives/bugtraq/2013-07/0113.html
• http://www.opencms.org/en/news/130710-opencms-v852-releasenotes.html
• https://github.com/alkacon/opencms-core/issues/173
• https://www.htbridge.com/advisory/HTB23160
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-4505
https://notcve.org/view.php?id=CVE-2009-4505
Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.
• http://secunia.com/advisories/39099
• http://www.csnc.ch/misc/files/advisories/CVE-2009-4505_opencms_oamp_comments_module_xss_cyrill_brunschwiler.txt
• http://www.securityfocus.com/archive/1/510291/100/0/threaded
• http://www.securityfocus.com/bid/38926
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1753
https://notcve.org/view.php?id=CVE-2008-1753
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
• http://securityreason.com/securityalert/3808
• http://www.securityfocus.com/archive/1/490498/100/0/threaded
• http://www.securityfocus.com/archive/1/490710/100/0/threaded
• http://www.securityfocus.com/bid/28637
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41675
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')