In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine.
6.1CVSS
5.8AI Score
0.001EPSS
In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form.
6.1CVSS
5.8AI Score
0.001EPSS
In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp.
4.3CVSS
4.4AI Score
0.007EPSS