In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
Max CVSS: 6.1
EPSS Score: 0.12%
Published: 2019-08-27
Updated: 2019-09-02
Alkacon OpenCms v10.5.4 and earlier is affected by stored cross-site scripting (XSS) in the New User module (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which is executed whenever the affected snippet is loaded.
Max CVSS: 6.1
EPSS Score: 0.14%
Published: 2019-05-08
Updated: 2019-05-08
2 vulnerabilities found