Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19275
HistoryFeb 26, 2008 - 12:00 a.m.

Alkacon OpenCms tree_files.jsp resource XSS

2008-02-2600:00:00
vulners.com
76
JSON

Alkacon OpenCms tree_files.jsp resource XSS

Product: Alkacon OpenCms
http://www.opencms.org/

OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An
invalid value supplied to parameter resource in page
opencms/system/workplace/views/explorer/tree_files.jsp is not sanitized before it gets embedded in
the HTML output as part of a JavaScript comment.

Example:
http://(target)/opencms/opencms/system/workplace/views/explorer/tree_files.jsp?resource=+/+alert(document.cookie);+/+/

The vulnerability has been identified in version 7.0.3. However, other versions may be also
affected.

Solution:
Users should not browse untrusted sites while logged into OpenCms.

Found by:
nnposter

JSON