Filtered by vendor Alkacon Subscriptions
Filtered by product Opencms Subscriptions
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-11818 1 Alkacon 1 Opencms 2024-08-04 N/A
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.
CVE-2021-25968 1 Alkacon 1 Opencms 2024-08-03 5.4 Medium
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2021-3312 1 Alkacon 1 Opencms 2024-08-03 6.5 Medium
An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.
CVE-2023-37602 1 Alkacon 1 Opencms 2024-08-02 6.1 Medium
An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
CVE-2023-31544 1 Alkacon 1 Opencms 2024-08-02 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
CVE-2023-6379 1 Alkacon 1 Opencms 2024-08-02 5.4 Medium
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.