Vulnerabilities > Alkacon > Opencms > 7.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-08 | CVE-2019-11819 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Alkacon Opencms Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. | 6.8 |
2019-05-08 | CVE-2019-11818 | Cross-site Scripting vulnerability in Alkacon Opencms Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). | 4.3 |
2013-08-09 | CVE-2013-4600 | Cross-Site Scripting vulnerability in Alkacon Opencms Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html. | 4.3 |
2008-04-11 | CVE-2008-1753 | Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3 Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510. | 4.3 |
2008-03-25 | CVE-2008-1510 | Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3 Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter. | 4.3 |
2008-03-12 | CVE-2008-1301 | Path Traversal vulnerability in Alkacon Opencms 7.0.3/7.0.4 Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter. | 4.0 |
2008-03-12 | CVE-2008-1300 | Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3/7.0.4 Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045. | 4.3 |
2008-02-27 | CVE-2008-1045 | Cross-Site Scripting vulnerability in Alkacon Opencms 7.0.3 Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter. | 4.3 |