Vulnerabilities > Alkacon > Opencms > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-19 | CVE-2021-25968 | Cross-site Scripting vulnerability in Alkacon Opencms In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. | 3.5 |
| 2018-03-20 | CVE-2018-8815 | Cross-site Scripting vulnerability in Alkacon Opencms 10.5.3 Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. | 3.5 |
| 2006-07-31 | CVE-2006-3933 | Cross-Site Scripting vulnerability in OpenCMS Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body. network alkacon | 3.5 |
| 2006-05-24 | CVE-2006-2571 | Cross-Site Scripting vulnerability in Opencms 6.0.0/6.0.2/6.0.3 Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action. | 2.6 |