OpenCMS 漏洞列表

OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.

users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template

OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.

users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template

opencms是fumiao个人开发者的一个 CMS 系统。 opencms存在路径遍历漏洞，该漏洞源于对参数path的错误操作会导致路径遍历。

OpenCms 是一个专业级别的开源网站内容管理系统。OpenCms 可以非常容易的帮助建立和管理复杂的网站而无需专业的 HTML知识。OpenCms基于JAVA和XML语言技术，因此它适合完全融入到现有的系统内部。OpenCms可以非常好的运行在一个完全的开源环境中（例如：Linux、Apache、Tomcat、MySQL）。由于服务端接收和解析了来自用户端的XML数据，且未对引用的外部实体进行适当处理，导致容易受到XML外部实体注入（XXE）攻击。

OpenCms是一个用于创建、管理和发布内容的开源内容管理系统。OpenCms存在一个通过引用参数的开放重定向漏洞，这可能会导致网络钓鱼攻击或其他意外重定向。