exploitDog

GHSA-vg6x-pchq-98mg

Published: 30 May 2024
Source: github
Github: Reviewed
CVSS3: 6.4

Description

OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16. In the first, a user with sufficient privileges to create and modify web pages through the admin panel can execute malicious JavaScript code after inserting code in the title field. In the second, a user with the gallery editor or VFS resource manager role has permission to upload images in the .svg format containing JavaScript code. The code is executed the moment another user accesses the image.

Packages

Name: org.opencms:opencms-core
Ecosystem: maven
Affected versions: = 16.0
Fixed version: 17.0

EPSS

Percentile: 49%
0.00261
Low

6.4 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.4
nvd
more than 1 year ago

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the “title” field.
