alkacon

Top products

The 15 most recently published vulnerabilities affecting alkacon.

• CVE-2026-2736Reflected Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms6.1Feb 19, 2026
• CVE-2026-2735Stored Cross-Site Scripting (XSS) vulnerability in Alkacon's OpenCms5.4Feb 19, 2026
• CVE-2024-42699Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field6.5Apr 21, 2025
• CVE-2024-41446A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under th...5.4Apr 21, 2025
• CVE-2024-41447A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under t...5.4Apr 18, 2025
• CVE-2024-5521Cross-Site Scripting stored in Alkacon OpenCMS6.4May 30, 2024
• CVE-2024-5520Cross-Site Scripting stored in Alkacon OpenCMS6.4May 30, 2024
• CVE-2023-6380Open Redirect in Alkacon Software OpenCms6.1Dec 13, 2023
• CVE-2023-6379Cross-site Scripting in Alkacon Software OpenCms5.4Dec 13, 2023
• CVE-2023-37602An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.6.1Jul 20, 2023
• CVE-2023-31544A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under th...5.4May 16, 2023
• CVE-2021-25968OpenCMS - Stored Cross-Site Scripting (XSS) in Sitemap5.4Oct 19, 2021
• CVE-2021-3312An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by upl...6.5Oct 8, 2021
• CVE-2019-13237In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new....4.3Aug 27, 2019
• CVE-2019-13236In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.6.1Aug 27, 2019