pkg:Maven/org.opencms:opencms-core

31 total CVEs: HIGH 3, MEDIUM 13

All known vulnerabilities

  • HIGH 7.8 CVE-2019-11819: Alkacon OpenCMS CSV Injection via New User module
    from 0, < 11.0.0
  • HIGH 7.5 CVE-2023-42346: Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host
    from 0, < 16.0
  • HIGH 7.3 CVE-2023-42344: Alkacon OpenCms allows remote unauthenticated attackers to obtain sensitive information
    from 0, < 10.5.1
  • MEDIUM 6.5 CVE-2021-3312: XML External Entity Reference in org.opencms:opencms-core
    >= 11.0.0, < 12.0.0
  • MEDIUM 6.4 CVE-2024-5520: OpenCMS Cross-Site Scripting vulnerability
    >= 16.0, < 17.0
  • MEDIUM 6.1 CVE-2023-42343: Alkacon OpenCms is vulnerable to XSS via cmis-online/type
    from 0, < 16.0
  • MEDIUM 6.1 CVE-2023-42345: Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp
    from 0, < 16.0
  • MEDIUM 6.1 CVE-2023-37602: Alkacon OpenCMS arbitrary file upload vulnerability
    from 0, <= 15.0
  • MEDIUM 6.1 CVE-2019-13236: XSS issues in the management interface
    from 0, < 11.0.1
  • MEDIUM 6.1 CVE-2019-13235: XSS in login form
    from 0, < 11.0.1
  • MEDIUM 6.1 CVE-2019-13234: XSS in search engine
    from 0, < 11.0.1
  • MEDIUM 5.4 CVE-2024-41446: OpenCMS cross-site scripting (XSS) vulnerability
    from 0, <= 17.0
  • MEDIUM 5.4 CVE-2024-41447: Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
    from 0, <= 17.0
  • MEDIUM 5.4 CVE-2023-6379: Alkacon OpenCMS XSS via Mercury template
    >= 14.0.0, < 16.0.0
  • MEDIUM 5.4 CVE-2023-31544: alkacon-OpenCMS vulnerable to stored Cross-site Scripting
    from 0, < 11.0.1
  • MEDIUM 4.3 CVE-2019-13237: Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
    from 0, < 11.0.1
  • CVE-2024-42699: OpenCMS Cross-Site Scripting vulnerability
    from 0, <= 17.0
  • CVE-2019-11818: Alkacon OpenCMS XSS via New User module
    from 0, < 11.0.0
  • CVE-2013-4600: Alkacon OpenCMS XSS via title and requestedResource parameters
    from 0, < 8.5.2
  • CVE-2015-2351: Alkacon OpenCMS XSS via homelink, workplaceresource, mode and query parameters
    from 0, < 9.5.2
  • CVE-2008-1753: Alkacon OpenCMS XSS via searchfilter parameter in system/workplace/admin/workplace/sessions.jsp
    from 0, < 7.0.4
  • CVE-2008-1510: Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter
    from 0, < 7.0.4
  • CVE-2008-1301: Alkacon OpenCMS Absolute Path Traversal via pathname in filePath.0 parameter
    >= 7.0.3, < 7.0.5
  • CVE-2008-1300: Alkacon Open CMS XSS via Logfile Viewer Settings function
    >= 7.0.3, < 7.0.5
  • CVE-2008-1045: Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp
    from 0, < 7.0.4
  • CVE-2006-3935: Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp
    from 0, < 6.2.2
  • CVE-2006-3936: Alkacon OpenCms Exposes JSP Source Code
    from 0, < 6.2.2
  • CVE-2006-3933: Alkacon OpenCms XSS via unsanitized message body
    from 0, < 6.2.2
  • CVE-2006-3934: Alkacon OpenCMS Absolute Path Traversal via pathname in filePath parameter
    from 0, < 6.2.2
  • CVE-2006-2571: Alkacon OpenCms XSS via query parameter in a search action
    >= 6.0.0, < 6.0.4
  • CVE-2005-4294: Alkacon OpenCms XSS via username during login
    from 0, < 6.0.3