CVE-2023-31544
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-31544
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31544.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-31544
- Aliases
- Published
- 2023-05-16T21:15:09Z
- Modified
- 2025-10-21T13:15:55.065244Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
- References
Affected packages
Git / github.com/alkacon/opencms-core
Affected ranges
- Type
- GIT
- Repo
- https://github.com/alkacon/opencms-core
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
build_10_0_0
build_10_0_0_alpha_1
build_10_0_0_alpha_1u
build_10_0_0_alpha_2
build_10_0_0_beta
build_10_0_0_beta3
build_10_0_0_beta4
build_10_0_0_beta_2
build_10_5_0
build_10_5_0_1
build_10_5_0_2
build_10_5_0_3
build_10_5_0_5
build_10_5_0_beta
build_10_5_1
build_10_5_2
build_10_5_3
build_10_5_x_cmsdays
build_11_0_0
build_11_0_0_beta
build_11_0_0_beta_2
build_11_0_0_rc
build_4_7_10
build_4_7_11
build_4_7_12
build_4_7_13
build_4_7_14
build_4_7_6
build_4_7_8
build_4_7_9
build_5_0_0
build_5_0_0_beta_1
build_5_0_0_beta_2
build_5_0_0_rc_1
build_5_0_0_rc_2
build_5_1_0
build_5_1_1
build_5_1_10
build_5_1_11
build_5_1_12
build_5_1_3
build_5_1_4
build_5_1_5
build_5_1_6
build_5_1_7
build_5_1_8
build_5_1_9
build_5_3_1
build_5_3_3
build_5_3_4
build_5_3_5
build_5_3_6
build_5_5_1
build_5_5_2
build_5_5_3
build_5_5_4
build_5_7_1
build_5_7_2
build_5_7_3
build_5_9_1
build_5_9_2
build_6_0_0
build_6_0_1
build_6_0_2
build_6_0_3
build_6_0_4
build_6_0_5
build_6_1_13
build_6_2_0
build_6_2_1
build_6_2_2
build_6_2_3
build_7_0_0
build_7_0_1
build_7_0_2
build_7_0_4
build_7_3_0
build_7_5_0_beta_1
build_7_9_2
build_8_0_0
build_8_0_1
build_8_0_2
build_8_0_2_1
build_8_0_3
build_8_5_0
build_8_5_1
build_8_7_0
build_8_9_0
build_9_0_0
build_9_0_0_1
build_9_0_1
build_9_5_0
build_9_5_1
build_9_5_2
Database specific
vanir_signatures
[
{
"source": "https://github.com/alkacon/opencms-core/commit/21bfbeaf6b038e2c03bb421ce7f0933dd7a7633e",
"id": "CVE-2023-31544-35e7becd",
"deprecated": false,
"target": {
"function": "generateTooltipHtml",
"file": "src-gwt/org/opencms/ade/galleries/client/ui/CmsResultItemWidget.java"
},
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"length": 520.0,
"function_hash": "50429665448565272100370540995517851942"
}
},
{
"source": "https://github.com/alkacon/opencms-core/commit/21bfbeaf6b038e2c03bb421ce7f0933dd7a7633e",
"id": "CVE-2023-31544-3c69bf3e",
"deprecated": false,
"target": {
"file": "src-gwt/org/opencms/ade/galleries/client/ui/CmsResultItemWidget.java"
},
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"91927551225445991945862037228577807679",
"63589510644510606645000682509175811155",
"12985639700293883131514078984697374378",
"321412344255156343060728942899010204069",
"29709425315528441144474906284849667035",
"176218194143383261642092853321414469115",
"34124468324456792625486543789398795913",
"167988049204659269185275283547638679337",
"144622807873684244434351208354175467958",
"171982460249227650780292751700688469575",
"252697926200555455118742149712327222353",
"201650612098034476215297017149903619819",
"169069705265304883125399644935528488412",
"298412032077307482883387501341329868144",
"44764525019660168099488567987899443185",
"8972207384109697615279536948673426749",
"207108137154084279567484555127082245488",
"61922241573248349211335395071226610392"
]
}
}
]