VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-438r-879q-cqhd

Essentials
Severities (14)
References (9)
Severity details (11)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-438r-879q-cqhd
Aliases	CVE-2008-1510 GHSA-4fg8-5hwc-wg5v
Summary	Alkacon OpenCMS XSS via searchfilter or listSearchFilter parameter
Status	Published
Exploitability	2.0
Weighted Severity	2.7
Risk	5.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2008-1510
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2008-1510
epss	0.00564	https://api.first.org/data/v1/epss?cve=CVE-2008-1510
cvssv4	1.3	http://securityreason.com/securityalert/3777
generic_textual	LOW	http://securityreason.com/securityalert/3777
cvssv4	1.3	https://exchange.xforce.ibmcloud.com/vulnerabilities/41390
generic_textual	LOW	https://exchange.xforce.ibmcloud.com/vulnerabilities/41390
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-4fg8-5hwc-wg5v
cvssv4	1.3	https://github.com/alkacon/opencms-core
generic_textual	LOW	https://github.com/alkacon/opencms-core
cvssv4	1.3	https://github.com/alkacon/opencms-core/commit/49c5beded65bf0232cab61b1299b85dee9ae2014
generic_textual	LOW	https://github.com/alkacon/opencms-core/commit/49c5beded65bf0232cab61b1299b85dee9ae2014
cvssv4	1.3	https://nvd.nist.gov/vuln/detail/CVE-2008-1510
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2008-1510

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2008-1510
		http://securityreason.com/securityalert/3777
		https://exchange.xforce.ibmcloud.com/vulnerabilities/41390
		https://github.com/alkacon/opencms-core
		https://github.com/alkacon/opencms-core/commit/49c5beded65bf0232cab61b1299b85dee9ae2014
CVE-2008-1510		https://nvd.nist.gov/vuln/detail/CVE-2008-1510
CVE-2008-1510;OSVDB-43801	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/jsp/webapps/31475.txt
CVE-2008-1510;OSVDB-43801	Exploit	https://www.securityfocus.com/bid/28411/info
GHSA-4fg8-5hwc-wg5v		https://github.com/advisories/GHSA-4fg8-5hwc-wg5v

Data source	Exploit-DB
Date added	March 24, 2008
Description	Alkacon OpenCMS 7.0.3 - 'users_list.jsp' Multiple Cross-Site Scripting Vulnerabilities
Ransomware campaign use	Known
Source publication date	March 24, 2008
Exploit type	webapps
Platform	jsp
Source update date	Feb. 7, 2014
Source URL	https://www.securityfocus.com/bid/28411/info

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at http://securityreason.com/securityalert/3777

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at https://exchange.xforce.ibmcloud.com/vulnerabilities/41390

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at https://github.com/alkacon/opencms-core

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at https://github.com/alkacon/opencms-core/commit/49c5beded65bf0232cab61b1299b85dee9ae2014

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1510

Attack Vector (AV)	Attack Complexity (AC)	Attack Requirements (AT)	Privileges Required (PR)	User Interaction (UI)	Vulnerable System Impact Confidentiality (VC)	Vulnerable System Impact Integrity (VI)	Vulnerable System Impact Availability (VA)	Subsequent System Impact Confidentiality (SC)	Subsequent System Impact Integrity (SI)	Subsequent System Impact Availability (SA)
network adjacent local physical	low high	none present	none low high	none passive active	high low none	high low none	high low none	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

Vulnerable System Impact Confidentiality (VC)

Vulnerable System Impact Integrity (VI)

Vulnerable System Impact Availability (VA)

Subsequent System Impact Confidentiality (SC)

Subsequent System Impact Integrity (SI)

Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.68861
EPSS Score	0.00564
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:29:04.937539+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-4fg8-5hwc-wg5v	38.6.0