Alkacon : Security Vulnerabilities, CVEs, Published In 2008
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510.
Max CVSS
4.3
EPSS Score
0.42%
Published
2008-04-11
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.
Max CVSS
4.3
EPSS Score
0.21%
Published
2008-03-25
Updated
2018-10-11
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.
Max CVSS
4.0
EPSS Score
1.05%
Published
2008-03-12
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045.
Max CVSS
4.3
EPSS Score
0.30%
Published
2008-03-12
Updated
2018-10-11
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.
Max CVSS
4.3
EPSS Score
0.19%
Published
2008-02-27
Updated
2018-10-11
5 vulnerabilities found