HIGH 7.8 CVE-2019-11819 Alkacon OpenCMS CSV Injection via New User module
from 0, < 11.0.0
HIGH 7.5 CVE-2023-42346 Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
from 0, < 16.0
HIGH 7.3 CVE-2023-42344 Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
from 0, < 10.5.1
MEDIUM 6.5 XML External Entity Reference in org.opencms:opencms-core
>= 11.0.0, < 12.0.0
MEDIUM 6.4 OpenCMS Cross-Site Scripting vulnerability
>= 16.0, < 17.0
MEDIUM 6.1 Alkacon OpenCms is vulnerable to XSS via cmis-online/type
from 0, < 16.0
MEDIUM 6.1 Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
from 0, < 16.0
MEDIUM 6.1 Alkacon OpenCMS arbitrary file upload vulnerability
from 0, <= 15.0
MEDIUM 6.1 XSS issues in the management interface
from 0, < 11.0.1
MEDIUM 6.1 XSS in login form
from 0, < 11.0.1
MEDIUM 6.1 XSS in search engine
from 0, < 11.0.1
MEDIUM 5.4 OpenCMS cross-site scripting (XSS) vulnerability
from 0, <= 17.0
MEDIUM 5.4 Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
from 0, <= 17.0
MEDIUM 5.4 Alkacon OpenCMS XSS via Mercury template
>= 14.0.0, < 16.0.0
MEDIUM 5.4 alkacon-OpenCMS vulnerable to stored Cross-site Scripting
from 0, < 11.0.1
MEDIUM 4.3 Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
from 0, < 11.0.1
— OpenCMS Cross-Site Scripting vulnerability
from 0, <= 17.0
— Alkacon OpenCMS XSS via New User module
from 0, < 11.0.0
— Alkacon OpenCMS XSS via title and requestedResource parameters
from 0, < 8.5.2
— Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
from 0, < 9.5.2
— Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp
from 0, < 7.0.4
— Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter
from 0, < 7.0.4
— Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter
>= 7.0.3, < 7.0.5
— Alkacon Open CMS XSS via Logfile Viewer Settings function
>= 7.0.3, < 7.0.5
— Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp
from 0, < 7.0.4
— Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp
from 0, < 6.2.2
— Alkacon OpenCms Exposes JSP Source Code
from 0, < 6.2.2
— Alkacon OpenCms XSS via unsanitized message body
from 0, < 6.2.2
— Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter
from 0, < 6.2.2
— Alkacon OpenCms XSS via query parameter in a search action
>= 6.0.0, < 6.0.4
— Alkacon OpenCms XSS via username during login
from 0, < 6.0.3