GHSA-m44f-9jhg-59cr

Source

https://github.com/advisories/GHSA-m44f-9jhg-59cr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-m44f-9jhg-59cr/GHSA-m44f-9jhg-59cr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m44f-9jhg-59cr

Aliases

CVE-2023-31544

Published

2023-05-16T21:30:23Z

Modified

2024-02-16T07:54:07.090510Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

alkacon-OpenCMS vulnerable to stored Cross-site Scripting

Details

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.

Database specific

{
    "nvd_published_at": "2023-05-16T21:15:09Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2023-05-17T17:05:29Z"
}

References

Affected packages

Maven / org.opencms:opencms-core

Package

Name: org.opencms:opencms-core; View open source insights on deps.dev
Purl: pkg:maven/org.opencms/opencms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

11.0.1

Affected versions

8.*

8.0.1

8.0.2

8.0.3

8.0.3-rev

8.0.3.1

8.0.4

8.5.0

8.5.1

8.5.2

9.*

9.0.0

9.0.1

9.5.0

9.5.1

9.5.2

9.5.3

10.*

10.0.0

10.0.1

10.5.0

10.5.1

10.5.2

10.5.3

10.5.4

11.*

11.0.0