CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1510 – Alkacon OpenCMS 7.0.3 - 'users_list.jsp' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1510
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en system/workplace/admin/accounts/users_list.jsp de Alkacon OpenCMS 7.0.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) searchfilter o del parámetro (2) listSearchFilter. • https://www.exploit-db.com/exploits/31475 http://securityreason.com/securityalert/3777 http://www.securityfocus.com/archive/1/489984/100/0/threaded http://www.securityfocus.com/bid/28411 https://exchange.xforce.ibmcloud.com/vulnerabilities/41390 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2CVE-2008-1300 – Alkacon OpenCMS 7.0.3 - 'logfileViewSettings.jsp?filePath' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1300
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función Logfile Viewer Settings de system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp en Alkacon OpenCms 7.0.3 y 7.0.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro filePath.0 en una acción save, un vector diferente a CVE-2008-1045. • https://www.exploit-db.com/exploits/31365 http://secunia.com/advisories/29278 http://securityreason.com/securityalert/3731 http://www.securityfocus.com/archive/1/489291/100/0/threaded http://www.securityfocus.com/bid/28152 https://exchange.xforce.ibmcloud.com/vulnerabilities/41095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 1%CPEs: 2EXPL: 2CVE-2008-1301 – Alkacon OpenCMS 7.0.3 - 'logfileViewSettings.jsp?filePath.0' Arbitrary File Access
https://notcve.org/view.php?id=CVE-2008-1301
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter. Vulnerabilidad de salto de directorio absoluto en system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp de Alkacon OpenCms 7.0.3 y 7.0.4 permite a administradores autentificados remotamente leer archivos de su elección a través de un nombre de ruta completo (pathname) en el parámetro filePath.0. • https://www.exploit-db.com/exploits/31366 http://secunia.com/advisories/29278 http://securityreason.com/securityalert/3731 http://www.securityfocus.com/archive/1/489291/100/0/threaded http://www.securityfocus.com/bid/28152 https://exchange.xforce.ibmcloud.com/vulnerabilities/41096 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1045 – Alkacon OpenCMS 7.0.3 - 'tree_files.jsp' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-1045
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función de navegación del árbol de ficheros de system/workplace/views/explorer/tree_files.jsp en Alkacon OpenCMS 7.0.3 permite a atacantes remotos inyectar web script o HMTL de su elección a través del parámetro resource. • https://www.exploit-db.com/exploits/31299 http://secunia.com/advisories/29121 http://securityreason.com/securityalert/3702 http://www.securityfocus.com/archive/1/488708/100/0/threaded http://www.securityfocus.com/bid/27986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 6EXPL: 2CVE-2006-3933
https://notcve.org/view.php?id=CVE-2006-3933
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Alkacon OpenCms before 6.2.2 permite a atacantes remotos autenticados inyectar secuencias de comandos web o HTML de su elección mediante el cuerpo del mensaje. • http://o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txt http://secunia.com/advisories/21193 http://securityreason.com/securityalert/1302 http://www.opencms.org/export/download/opencms/opencms_6.2.2_src.zip http://www.opencms.org/opencms/en/shownews.html?id=1002 http://www.securityfocus.com/archive/1/441182/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/28033 •