An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS12cTk1LTZ4NzktcXY4as4ABHCH

Moderate

EPSS: 0.00039% (0.10962 Percentile)

Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

Affected Packages: maven:org.opencms:opencms-core
Affected Versions: <= 17.0
Fixed Versions: No known fixed version
Dependent packages: 127
Dependent repositories: 22

Affected Version Ranges

All affected versions

8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.5.0, 8.5.1, 8.5.2, 9.0.0, 9.0.1, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 10.0.0, 10.0.1, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 11.0.0, 11.0.1, 11.0.2

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.
