Lucene search

Veracode Vulnerability DatabaseVERACODE:47306

HistoryJun 03, 2024 - 5:26 a.m.

Cross-site Scripting (XSS)

2024-06-0305:26:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

opencms-core

cross-site scripting

insufficient input validation

admin panel

malicious javascript

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

org.opencms:opencms-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to insufficient input validation in the “title” field, allowing users with sufficient privileges to insert and execute malicious JavaScript code through the admin panel.

CPENameOperatorVersion
opencmsle16.0
opencmsle16.0

CPE	Name	Operator	Version
	opencms	le	16.0
	opencms	le	16.0

References

github.com/advisories/GHSA-vg6x-pchq-98mg

github.com/alkacon/opencms-core/commit/b05a5aca0f2b03042ddf2b2bb45fe2243a4084a7

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VERACODE:47306