Headline
GHSA-m44f-9jhg-59cr: alkacon-OpenCMS vulnerable to stored Cross-site Scripting
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
alkacon-OpenCMS vulnerable to stored Cross-site Scripting
Moderate severity GitHub Reviewed Published May 16, 2023 to the GitHub Advisory Database • Updated May 17, 2023
Related news
CVE-2023-31544: Fixed XSS issue in gallery result view (github issue #652). · alkacon/opencms-core@21bfbea
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.