CVE-2008-1510

Alkacon OpenCMS 7.0.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nnposter · textwebappsjsp

https://www.exploit-db.com/exploits/31475

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489984/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28411

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41390

[Third Party Advisory] http://securityreason.com/securityalert/3777

Scores

EPSS 0.0056

EPSS Percentile 68.1%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

alkacon/opencms

org.opencms/opencms-core < 7.0.4Maven

Timeline

Published Mar 25, 2008

Tracked Since Feb 18, 2026