CVE-2015-2351
Description
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms 9.5.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) homelink parameter to system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp, (2) workplaceresource parameter to system/workplace/locales/en/help/index.html, (3) path parameter to system/workplace/views/admin/admin-main.jsp, (4) mode parameter to system/workplace/views/explorer/explorer_files.jsp, or (5) query parameter in a search action to system/modules/org.opencms.workplace.help/elements/search.jsp.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.opencms:opencms-core (Maven) | < 9.5.2 | 9.5.2 |
Affected products
1Patches
Commit a2e5cba0adc3: Fixed some XSS issues.
4 files changed · +14 −9
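--- a/modules/org.opencms.workplace.explorer/resources/system/workplace/views/explorer/explorer_files.jsp
+++ b/modules/org.opencms.workplace.explorer/resources/system/workplace/views/explorer/explorer_files.jsp
@@ -18,7 +18,7 @@ if (request.getParameter("reload") != null) {
 CmsJspActionElement jsp = new CmsJspActionElement(pageContext, request, response);
 CmsFrameset wp2 = new CmsFrameset(jsp);
 // reload only the first time
-%>top.body.location.href = '<%=wp2.getStartupUri()%>';<%
+%>top.body.location.href = "<%=org.opencms.i18n.CmsEncoder.escapeXml(wp2.getStartupUri())%>";<%
 }
 String files = wp.getFileList();
 // System.err.println(files);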
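Review bot: The escaped value on the added line lands inside a JavaScript string literal in a script block, and XML/HTML entity escaping is not the matching encoder for that context: the browser does not decode entities inside script, so a startup URI containing `&`, `"` or `<` reaches `location.href` with the entities intact, while a trailing backslash is left untouched and would swallow the closing quote. A JavaScript-string escaper (OpenCms has one in CmsStringUtil, if I recall correctly) neutralizes quotes and backslashes without altering the URI. Since the value becomes a navigation target, it is also worth confirming that `getStartupUri()` can only yield a site-relative VFS path and never a scheme-bearing URL. The same encoder-context question applies to the hunk in CmsExplorer.java and the two `displayHead` hunks in CmsHelpTemplateBean.java; the enclosing scriptlet continues outside this hunk.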
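--- a/src/org/opencms/workplace/explorer/CmsExplorer.java
+++ b/src/org/opencms/workplace/explorer/CmsExplorer.java
@@ -602,11 +602,11 @@ public String getInitializationHeader() {
 content.append("function initialize() {\n");
 content.append("top.setRootFolder(\"");
 String rootFolder = getRootFolder();
-content.append(rootFolder);
+content.append(CmsEncoder.escapeXml(rootFolder));
 content.append("\");\n");
 content.append("top.mode=\"");
-content.append(getSettings().getExplorerMode());
+content.append(CmsEncoder.escapeXml(getSettings().getExplorerMode()));
 content.append("\";\n");
 String additionalParams = getJsp().getRequest().getParameter(CmsExplorer.PARAMETER_CONTEXTMENUPARAMS);
 if (additionalParams != null) {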
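Review bot: The request parameter read on the last context line, `additionalParams`, is the next untrusted value in this method and the hunk ends before it is used; since the generated `initialize()` script is still being built into `content` at that point, please confirm it is escaped with a context-appropriate encoder before it is appended. Note also that `CmsEncoder.escapeXml` emits HTML entities into a JavaScript string literal here, so a root folder whose name contains `&` arrives at `top.setRootFolder` as `&amp;` rather than `&` (I cannot see from this page how setRootFolder consumes the value, so treat that as something to check). getInitializationHeader starts and ends outside the hunk.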
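--- a/src/org/opencms/workplace/help/CmsHelpSearchResultView.java
+++ b/src/org/opencms/workplace/help/CmsHelpSearchResultView.java
@@ -158,13 +158,17 @@ public String displaySearchResult(CmsSearch search) {
 result.append("\n<!-- ").append(search.getLastException().toString());
 result.append(" //-->\n");
 } else {
-result.append(messages.key(org.opencms.search.Messages.GUI_HELP_SEARCH_NOMATCH_1, search.getQuery()));
+result.append(messages.key(
+org.opencms.search.Messages.GUI_HELP_SEARCH_NOMATCH_1,
+CmsEncoder.escapeXml(search.getQuery())));
 result.append("\n");
 }
 result.append("</p>\n");
 } else if ((action != null) && (searchResult.size() <= 0)) {
 result.append("<p class=\"formerror\">\n");
-result.append(messages.key(org.opencms.search.Messages.GUI_HELP_SEARCH_NOMATCH_1, search.getQuery()));
+result.append(messages.key(
+org.opencms.search.Messages.GUI_HELP_SEARCH_NOMATCH_1,
+CmsEncoder.escapeXml(search.getQuery())));
 result.append("\n");
 result.append("</p>\n");
 } else if ((action != null) && (searchResult.size() > 0)) {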
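Review bot: The first context line still appends `search.getLastException().toString()` unescaped into an HTML comment; if the exception message can echo the submitted query (plausible for query-parse errors, though not verifiable from this page), a `-->` inside it would terminate the comment and the remainder would be rendered as markup. Escaping that string as well, `result.append("\n<!-- ").append(CmsEncoder.escapeXml(search.getLastException().toString()));`, or logging the exception instead of emitting it to the page, closes that path. On style, `searchResult.size() <= 0` on the two `else if` lines reads more clearly as `searchResult.isEmpty()`. displaySearchResult starts and ends outside the hunk.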
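--- a/src/org/opencms/workplace/help/CmsHelpTemplateBean.java
+++ b/src/org/opencms/workplace/help/CmsHelpTemplateBean.java
@@ -35,6 +35,7 @@
 import org.opencms.file.CmsResourceFilter;
 import org.opencms.file.CmsVfsResourceNotFoundException;
 import org.opencms.file.types.CmsResourceTypeXmlPage;
+import org.opencms.i18n.CmsEncoder;
 import org.opencms.i18n.CmsLocaleManager;
 import org.opencms.jsp.CmsJspActionElement;
 import org.opencms.jsp.CmsJspNavElement;
@@ -398,7 +399,7 @@ public String displayHead() {
 // store home link in JS variable to use it in body frame
 result.append("<script type=\"text/javascript\">\n<!--\n");
 result.append("\tvar homeLink = \"");
-result.append(getParamHomelink());
+result.append(CmsEncoder.escapeXml(getParamHomelink()));
 result.append("\";\n\n");
 result.append("//-->\n</script>\n");
@@ -454,7 +455,7 @@ public String displayHead() {
 resourcePath));
 result.append(button(
-"javascript:top.body.location.href='" + getParamHomelink() + "';",
+"javascript:top.body.location.href='" + CmsEncoder.escapeXml(getParamHomelink()) + "';",
 null,
 "contents.png",
 org.opencms.search.Messages.GUI_HELP_BUTTON_CONTENTS_0,
@@ -758,7 +759,7 @@ protected String displayFrameset() {
 headLink.append(PARAM_HOMELINK);
 headLink.append("=");
 headLink.append(getParamHomelink());
-result.append(getJsp().link(attachRequestString(headLink.toString())));
+result.append(CmsEncoder.escapeXml(getJsp().link(attachRequestString(headLink.toString()))));
 result.append("\" scrolling=\"no\" noresize>\n");
 result.append("\t<frame name=\"body\" src=\"");
 StringBuffer bodyLink = new StringBuffer(8);
@@ -920,4 +921,4 @@ private String attachRequestString(String resourceName) {
 return result.toString();
 }
-}
\ No newline at end of file
+}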
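Review bot: In the hunk at line 455 the home link is spliced into a single-quoted JavaScript string inside a `javascript:` URL, and `CmsEncoder.escapeXml` only protects that site if it encodes the apostrophe; I cannot tell from this page whether it does, so please verify, or use a JavaScript-string escaper for that one call. Because the value becomes a navigation target in both `displayHead` hunks, a positive check that `getParamHomelink()` is a site-relative VFS path (rejecting anything carrying a scheme), placed in the parameter setter, would be a stronger fix than output encoding alone. The hunk at line 759 applies the escaping to a `src` attribute value, which is the right context for `escapeXml`. The enclosing methods start and end outside their hunks.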
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- packetstormsecurity.com/files/130812/Alkacon-OpenCms-9.5.1-Cross-Site-Scripting.htmlnvdExploitWEB
- seclists.org/fulldisclosure/2015/Mar/75nvdExploitWEB
- github.com/alkacon/opencms-core/issues/304nvdExploitWEB
- github.com/advisories/GHSA-6c8c-f2w2-jvjrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-2351ghsaADVISORY
- github.com/alkacon/opencms-core/commit/a2e5cba0adc345943a07d1aacb6adf1a1b20c6fcghsaWEB
- www.securityfocus.com/archive/1/534867/100/0/threadednvd
- www.securityfocus.com/bid/73112nvd
News mentions
No linked articles in our index yet.