Vulnerabilities > Alkacon

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-08	CVE-2019-11819	Improper Neutralization of Formula Elements in a CSV File vulnerability in Alkacon Opencms Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. local low complexity alkacon CWE-1236	7.8
2019-05-08	CVE-2019-11818	Cross-site Scripting vulnerability in Alkacon Opencms Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). network low complexity alkacon CWE-79	6.1
2018-03-20	CVE-2018-8815	Cross-site Scripting vulnerability in Alkacon Opencms 10.5.3 Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. network low complexity alkacon CWE-79	4.6
2018-03-20	CVE-2018-8811	Cross-Site Request Forgery (CSRF) vulnerability in Alkacon Opencms 10.5.3 Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. network low complexity alkacon CWE-352	8.8

Vulnerabilities > Alkacon {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Alkacon"}]}