CVE-2019-11819
https://notcve.org/view.php?id=CVE-2019-11819
Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
• https://github.com/alkacon/opencms-core/issues/636 https://www.openwall.com/lists/oss-security/2019/05/05/2
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2019-11818
https://notcve.org/view.php?id=CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross-site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.
• https://github.com/alkacon/opencms-core/issues/635 https://www.openwall.com/lists/oss-security/2019/04/30/3
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4600 – OpenCMS 8.5.1 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-4600
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html. OpenCMS version 8.5.1 suffers from a cross-site scripting vulnerability.
• http://archives.neohapsis.com/archives/bugtraq/2013-07/0113.html http://www.opencms.org/en/news/130710-opencms-v852-releasenotes.html https://github.com/alkacon/opencms-core/issues/173 https://www.htbridge.com/advisory/HTB23160
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1753
https://notcve.org/view.php?id=CVE-2008-1753
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
• http://securityreason.com/securityalert/3808 http://www.securityfocus.com/archive/1/490498/100/0/threaded http://www.securityfocus.com/archive/1/490710/100/0/threaded http://www.securityfocus.com/bid/28637 https://exchange.xforce.ibmcloud.com/vulnerabilities/41675
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1510 – Alkacon OpenCMS 7.0.3 - 'users_list.jsp' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1510
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.
• https://www.exploit-db.com/exploits/31475 http://securityreason.com/securityalert/3777 http://www.securityfocus.com/archive/1/489984/100/0/threaded http://www.securityfocus.com/bid/28411 https://exchange.xforce.ibmcloud.com/vulnerabilities/41390
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')