CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25968 – OpenCMS - Stored Cross-Site Scripting (XSS) in Sitemap
https://notcve.org/view.php?id=CVE-2021-25968
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field. En "OpenCMS", versiones 10.5.0 a 11.0.2, están afectadas por una vulnerabilidad de tipo XSS almacenado que permite a usuarios de aplicaciones poco privilegiado almacenar scripts maliciosos en la funcionalidad Sitemap. Estos scripts se ejecutan en el navegador de la víctima cuando ésta abre la página que contiene el campo vulnerable • https://github.com/alkacon/mercury-template/commit/800945f5d02346c633c7aef9f5d596d7dedc8fb5 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 3CVE-2019-13237 – Alkacon OpenCMS 10.5.x - Local File inclusion
https://notcve.org/view.php?id=CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp. En Alkacon OpenCms versiones 10.5.4 y 10.5.5, hay múltiples recursos vulnerables a la Inclusión de Archivos Locales que permiten a un atacante acceder a los recursos del servidor: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, y /system/workplace/admin/history/settings/index.jsp. Alkacon OpenCMS version 10.5.x suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/47340 http://packetstormsecurity.com/files/154281/Alkacon-OpenCMS-10.5.x-Local-File-Inclusion.html https://aetsu.github.io/OpenCms https://github.com/alkacon/opencms-core/commits/branch_10_5_x • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2019-13236 – Alkacon OpenCMS 10.5.x - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13236
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. En system/workplace/ en Alkacon OpenCms versiones 10.5.4 y 10.5.5, hay múltiples problemas de tipo XSS Reflejado y Almacenado en la interfaz de administración. Alkacon OpenCMS version 10.5.x suffers from a cross site scripting vulnerability in its site management functionality. • https://www.exploit-db.com/exploits/47339 http://packetstormsecurity.com/files/154283/Alkacon-OpenCMS-10.5.x-Cross-Site-Scripting.html https://aetsu.github.io/OpenCms https://github.com/alkacon/opencms-core/commits/branch_10_5_x https://twitter.com/aetsu/status/1152096227938459648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2019-13235 – Alkacon OpenCMS 10.5.x - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. En Alkacon OpenCms Apollo Template versiones 10.5.4 y 10.5.5, hay una vulnerabilidad de tipo XSS en el formulario Login. Alkacon OpenCMS version 10.5.x suffers from multiple cross site scripting vulnerabilities in the Apollo Template. • https://www.exploit-db.com/exploits/47338 http://packetstormsecurity.com/files/154298/Alkacon-OpenCMS-10.5.x-Cross-Site-Scripting.html https://aetsu.github.io/OpenCms https://github.com/alkacon/apollo-template/commits/branch_10_5_x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2019-13234 – Alkacon OpenCMS 10.5.x - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13234
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. En Alkacon OpenCms Apollo Template versiones 10.5.4 y 10.5.5, Hay una vulnerabilidad de tipo XSS en el motor de búsqueda. Alkacon OpenCMS version 10.5.x suffers from multiple cross site scripting vulnerabilities in the Apollo Template. • https://www.exploit-db.com/exploits/47338 http://packetstormsecurity.com/files/154298/Alkacon-OpenCMS-10.5.x-Cross-Site-Scripting.html https://aetsu.github.io/OpenCms https://github.com/alkacon/apollo-template/commits/branch_10_5_x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •