GHSA-vg6x-pchq-98mg

Suggest an improvement
Source
https://github.com/advisories/GHSA-vg6x-pchq-98mg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-vg6x-pchq-98mg/GHSA-vg6x-pchq-98mg.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vg6x-pchq-98mg
Aliases
  • CVE-2024-5520
Published
2024-05-30T19:49:04Z
Modified
2024-05-30T20:11:53.397705Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
Summary
OpenCMS Cross-Site Scripting vulnerability
Details

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user: with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the title field. Another could having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.

References

Affected packages

Maven / org.opencms:opencms-core

Package

Name
org.opencms:opencms-core
View open source insights on deps.dev
Purl
pkg:maven/org.opencms/opencms-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
16.0
Fixed
17.0

Affected versions

16.*

16.0