Every CVE whose affected-product data names Alkacon Opencms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (32)
CVE-2018-8811 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers…
CVE-2019-11819 — CVSS 7.8 (high): Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/ac…
CVE-2005-4475 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via…
CVE-2024-42699 — CVSS 6.5 (medium): Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript…
CVE-2006-3935 — CVSS 6.5 (medium): system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which…
CVE-2021-3312 — CVSS 6.5 (medium): An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit…
CVE-2024-5521 — CVSS 6.4 (medium): Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having…
CVE-2024-5520 — CVSS 6.4 (medium): Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with…
CVE-2026-2736 — CVSS 6.1 (medium): Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's…
CVE-2019-11818 — CVSS 6.1 (medium): Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/…
CVE-2019-13236 — CVSS 6.1 (medium): In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
CVE-2023-37602 — CVSS 6.1 (medium): An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary…
CVE-2023-6380 — CVSS 6.1 (medium): Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker…
CVE-2024-41447 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2023-31544 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML…
CVE-2026-2735 — CVSS 5.4 (medium): Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST…
CVE-2023-6379 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This…
CVE-2021-25968 — CVSS 5.4 (medium): In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to…
CVE-2024-41446 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a…
CVE-2018-8815 — CVSS 4.6 (medium): Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web…
CVE-2013-4600 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script…
CVE-2008-1300 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileView…
CVE-2008-1045 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon…
CVE-2005-4294 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2008-1510 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers…
CVE-2008-1753 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers…
CVE-2015-2351 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web…
CVE-2006-3934 — CVSS 4.0 (medium): Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download…
CVE-2006-3936 — CVSS 4.0 (medium): system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary…
CVE-2008-1301 — CVSS 4.0 (medium): Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and…
CVE-2006-3933 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script…
CVE-2006-2571 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject…