CVE-2019-11818

Опубликовано: 08 мая 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.

Ссылки

https://github.com/alkacon/opencms-core/issues/635
Exploit
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/04/30/3
Exploit
Mailing List
Third Party Advisory
https://github.com/alkacon/opencms-core/issues/635
Exploit
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/04/30/3
Exploit
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*

Версия до 10.5.4 (включая)

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-c8j6-gqq8-4prj

github

больше 3 лет назад

Alkacon OpenCMS XSS via New User module