Browse all 6 CVE security advisories affecting Alkacon. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Alkacon develops OpenCms, a Java-based content management system primarily used for enterprise web content management. Historically, Alkacon products have been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for all six recorded CVEs. The platform's security posture has been challenged by consistent input validation weaknesses and insufficient access controls in administrative interfaces. While no major public security incidents have been documented, the cumulative CVE history suggests a pattern of vulnerabilities that could allow attackers to compromise server integrity or escalate privileges within OpenCms deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-6380 | Open Redirect in Alkacon Software OpenCms — Open CMSCWE-601 | 6.1 | Medium | 2023-12-13 |
| CVE-2023-6379 | Cross-site Scripting in Alkacon Software OpenCms — Open CMSCWE-79 | 5.4 | Medium | 2023-12-13 |
This page lists every published CVE security advisory associated with Alkacon. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.