Org.opencms:opencms-core
This hub aggregates every CVE we track for Org.opencms:opencms-core, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 27
- Critical: 0
- High: 1
- In CISA KEV: 0
Severity distribution
MEDIUM: 24, LOW: 2, HIGH: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Org.opencms:opencms-core.
- CVE-2024-41446 (score 5.4): A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under th...
- CVE-2024-42699 (score 6.5): Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field
- CVE-2024-41447 (score 5.4): A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under t...
- CVE-2024-5520 (score 6.4): Cross-Site Scripting stored in Alkacon OpenCMS
- CVE-2023-6379 (score 5.4): Cross-site Scripting in Alkacon Software OpenCms
- CVE-2023-37602 (score 6.1): An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
- CVE-2023-31544 (score 5.4): A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under th...
- CVE-2021-3312 (score 6.5): An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by upl...
- CVE-2019-13237 (score 4.3): In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new....
- CVE-2019-13236 (score 6.1): In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
- CVE-2019-13235 (score 6.1): In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
- CVE-2019-13234 (score 6.1): In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
- CVE-2019-11819 (score 7.8): Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.
- CVE-2019-11818 (score 6.1): Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert...
- CVE-2015-2351 (score 4.3): Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modul...
Product normalization is registry-driven with AI assist and human review.