Vulnerabilities > Alkacon > Opencms > 8.5.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-08 | CVE-2019-11819 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Alkacon Opencms Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. | 6.8 |
| 2019-05-08 | CVE-2019-11818 | Cross-site Scripting vulnerability in Alkacon Opencms Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). | 4.3 |
| 2013-08-09 | CVE-2013-4600 | Cross-Site Scripting vulnerability in Alkacon Opencms Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html. | 4.3 |