Medium
CVSS: 5.1
Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vu…
Medium
CVSS: 5.1
Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter.
Medium
CVSS: 4.3
opencms V2.3 is vulnerable to Arbitrary file read in src/main/webapp/view/admin/document/dataPage.jsp,
Medium
CVSS: 6.5
Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field
Medium
CVSS: 5.4
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.
Medium
CVSS: 5.4
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.
Medium
CVSS: 5.3
A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipul…
Medium
CVSS: 5.3
A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument…