GCVE - cpe:2.3:a:alkacon:opencms:6.2.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:alkacon:opencms:6.2.1:*:*:*:*:*:*:*

part: a version: 6.2.1 update: *

Vendor	Alkacon (`3bbcd211-d08b-568f-b8a5-0c270556c43d`)
Product	Opencms (`443c1ba7-ecf6-55d1-8f09-8482e1caa421`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/alkacon/opencms-core`	purl2cpe	2026-06-01 10:16:11.142728
`pkg:maven/org.opencms/opencms-core`	purl2cpe	2026-06-01 10:16:11.142730

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-4600`	vulnerable	2026-06-08 05:04:48.684910	Details available Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html. Published: 2013-08-09T21:00:00.000Z Updated: 2024-09-16T16:42:52.265Z Open on db.gcve.eu Reference links http://archives.neohapsis.com/archives/bugtraq/2013-07/0113.html https://github.com/alkacon/opencms-core/issues/173 http://www.opencms.org/en/news/130710-opencms-v852-releasenotes.html https://www.htbridge.com/advisory/HTB23160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-3936`	vulnerable	2026-06-08 04:49:10.553846	Details available system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp. Published: 2006-07-31T22:00:00.000Z Updated: 2024-08-07T18:48:39.404Z Open on db.gcve.eu Reference links http://secunia.com/advisories/21193 https://exchange.xforce.ibmcloud.com/vulnerabilities/28001 http://www.opencms.org/opencms/en/shownews.html?id=1002 http://securityreason.com/securityalert/1302 http://www.securityfocus.com/archive/1/441182/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-3935`	vulnerable	2026-06-08 04:49:10.553018	Details available system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp. Published: 2006-07-31T22:00:00.000Z Updated: 2024-08-07T18:48:39.419Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/28026 http://secunia.com/advisories/21193 http://www.opencms.org/opencms/en/shownews.html?id=1002 http://securityreason.com/securityalert/1302 http://www.securityfocus.com/archive/1/441182/100/0/threaded	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.