PT-2008-3074 · Alkacon · Alkacon Opencms

Nnposter

Published

2008-03-25

Updated

2022-05-01

CVE-2008-1510

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Alkacon OpenCMS version 7.0.3

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the searchfilter or listSearchFilter parameters in the system/workplace/admin/accounts/users list.jsp file.

Recommendations For Alkacon OpenCMS version 7.0.3, consider restricting access to the users list.jsp file until a patch is available. As a temporary workaround, avoid using the searchfilter and listSearchFilter parameters in the affected API endpoint.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2008-1510

GHSA-4FG8-5HWC-WG5V

Affected Products

Alkacon Opencms

PT-2008-3074 · Alkacon · Alkacon Opencms

CVE-2008-1510

Weakness Enumeration

Related Identifiers

Affected Products

References · 9