A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.
References:GSA_kwCzR0hTQS12cTk1LTZ4NzktcXY4as4ABHCH
Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability
Affected Packages | Affected Versions | Fixed Versions | |
---|---|---|---|
maven:org.opencms:opencms-core | <= 17.0 | No known fixed version | |
Affected Version RangesAll affected versions8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.5.0, 8.5.1, 8.5.2, 9.0.0, 9.0.1, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 10.0.0, 10.0.1, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4, 11.0.0, 11.0.1, 11.0.2 |