Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-c8j6-gqq8-4prj

Опубликовано: 24 мая 2022
Источник: github
Github: Прошло ревью
CVSS4: 1.3

Описание

Alkacon OpenCMS XSS via New User module

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.

Ссылки

Пакеты

Наименование

org.opencms:opencms-core

maven
Затронутые версииВерсия исправления

<= 10.5.4

11.0.0

EPSS

Процентиль: 47%
0.0024
Низкий

1.3 Low

CVSS4

CVE ID

CVE-2019-11818

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2019-11818

CVSS3: 6.1
nvd
больше 6 лет назад

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.

EPSS

Процентиль: 47%
0.0024
Низкий

1.3 Low

CVSS4

CVE ID

CVE-2019-11818

Дефекты

CWE-79