CVE-2008-1045: Alkacon OpenCMS XSS via file tree navigation in system/workplace/views/explorer/tree_files.jsp

May 1, 2022 (updated June 20, 2025)

Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.

References

github.com/advisories/GHSA-v965-wwrq-gxfg
github.com/alkacon/opencms-core
github.com/alkacon/opencms-core/commit/49c5beded65bf0232cab61b1299b85dee9ae2014
nvd.nist.gov/vuln/detail/CVE-2008-1045

Code Behaviors & Features

Detect and mitigate CVE-2008-1045 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →