Security
Headlines

Headlines Latest CVEs

Headline

GHSA-vg6x-pchq-98mg: OpenCMS Cross-Site Scripting vulnerability

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon’s OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field. Another could having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.

4 months ago

#xss #vulnerability #web #git #java

OpenCMS Cross-Site Scripting vulnerability

Moderate severity GitHub Reviewed Published May 30, 2024 to the GitHub Advisory Database • Updated May 30, 2024

ghsa: Latest News

GHSA-6hwr-6v2f-3m88: XXE in PHPSpreadsheet's XLSX reader

34 minutes ago

GHSA-r8w8-74ww-j4wh: PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks

35 minutes ago

GHSA-w9xv-qf98-ccq4: PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled

35 minutes ago

GHSA-5gpr-w2p5-6m37: PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file

36 minutes ago

GHSA-pf56-h9qf-rxq4: Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page

1 hour ago