[MAVEN:GHSA-VG6X-PCHQ-98MG] OpenCMS Cross-Site Scripting vulnerability
Severity
Moderate
Affected Packages
1
Fixed Packages
1
CVEs
1
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user:
with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title
field. Another could having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.
Package | Affected Version |
---|---|
pkg:maven/org.opencms/opencms-core | = 16.0 |
Package | Fixed Version |
---|---|
pkg:maven/org.opencms/opencms-core | = 17.0 |
- ID
- MAVEN:GHSA-VG6X-PCHQ-98MG
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-vg6x-pchq-98mg
- Published
-
2024-05-30T19:49:04
(3 months ago) - Modified
-
2024-05-30T19:49:05
(3 months ago) - Rights
- Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.opencms/opencms-core | org.opencms | opencms-core | = 16.0 | |||
Fixed | pkg:maven/org.opencms/opencms-core | org.opencms | opencms-core | = 17.0 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |