Opencms Security Vulnerabilities and Issues — Opencms CVE List

Lucene search

AlkaconOpencms

4 matches found

CVE•added 2025/04/21 2:15 p.m.•118 views

CVE-2024-41446

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

5.4CVSS5.6AI score0.00052EPSS

CVE•added 2025/04/18 5:15 p.m.•67 views

CVE-2024-41447

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.

5.4CVSS5.7AI score0.00039EPSS

CVE•added 2023/05/16 9:15 p.m.•49 views

CVE-2023-31544

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.

5.4CVSS5.2AI score0.00085EPSS

CVE•added 2021/10/19 9:15 a.m.•42 views

CVE-2021-25968

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.

5.4CVSS5AI score0.00206EPSS