CVE-2024-5521

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...

Cross-site Scripting (XSS)

org.opencms: opencms-core is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation of .svg files, allowing users with the roles of gallery editor or VFS resource manager to upload images containing JavaScript code, which will be executed when another user accesse...

PT-2024-36493 · Alkacon · Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon's OpenCMS version 16 Description: Two Cross-Site Scripting issues have been discovered in Alkacon's OpenCMS, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicio...

PT-2024-36494 · Opencms · Opencms

Name of the Vulnerable Software and Affected Versions: OpenCMS version 16 Description: The issue allows a user with the roles of gallery editor or VFS resource manager to upload images in the .svg format containing JavaScript code. This code will be executed when another user accesses the image...

OpenCMS 10.5.3 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...