An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xNjkzLXY3cWYtcDR4as4AAgp8

Severity: High
EPSS: 0.00203% (0.42857 Percentile)

Alkacon OpenCMS CSV Injection via New User module

Affected Package: maven:org.opencms:opencms-core
Affected Versions: < 11.0.0
Fixed Versions: 11.0.0
127 Dependent packages
22 Dependent repositories

Affected Version Ranges

All affected versions

8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.5.0, 8.5.1, 8.5.2, 9.0.0, 9.0.1, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 10.0.0, 10.0.1, 10.5.0, 10.5.1, 10.5.2, 10.5.3, 10.5.4

All unaffected versions

11.0.0, 11.0.1, 11.0.2

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name.

References: