CVE-2019-13237 – Alkacon OpenCMS 10.5.x - Local File Inclusion
https://notcve.org/view.php?id=CVE-2019-13237
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
Alkacon OpenCMS version 10.5.x suffers from a local file inclusion vulnerability.
• https://www.exploit-db.com/exploits/47340
• http://packetstormsecurity.com/files/154281/Alkacon-OpenCMS-10.5.x-Local-File-Inclusion.html
• https://aetsu.github.io/OpenCms
• https://github.com/alkacon/opencms-core/commits/branch_10_5_x
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-13235 – Alkacon OpenCMS 10.5.x - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13235
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
Alkacon OpenCMS version 10.5.x suffers from multiple cross-site scripting vulnerabilities in the Apollo Template.
• https://www.exploit-db.com/exploits/47338
• http://packetstormsecurity.com/files/154298/Alkacon-OpenCMS-10.5.x-Cross-Site-Scripting.html
• https://aetsu.github.io/OpenCms
• https://github.com/alkacon/apollo-template/commits/branch_10_5_x
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-13234 – Alkacon OpenCMS 10.5.x - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13234
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
Alkacon OpenCMS version 10.5.x suffers from multiple cross-site scripting vulnerabilities in the Apollo Template.
• https://www.exploit-db.com/exploits/47338
• http://packetstormsecurity.com/files/154298/Alkacon-OpenCMS-10.5.x-Cross-Site-Scripting.html
• https://aetsu.github.io/OpenCms
• https://github.com/alkacon/apollo-template/commits/branch_10_5_x
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')