CVE-2008-1300

Alkacon OpenCms 7.0.3-7.0.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045.

Exploits (1)

exploitdb WORKING POC VERIFIED
by nnposter · textwebappsphp
https://www.exploit-db.com/exploits/31365

References (5)

Scores

EPSS 0.0033
EPSS Percentile 55.9%

Classification

CWE
CWE-79
Status draft

Affected Products (3)

alkacon/opencms
alkacon/opencms
org.opencms/opencms-core < 7.0.5Maven

Timeline

Published Mar 12, 2008
Tracked Since Feb 18, 2026