Alkacon: >> Opencms >> 10.5.5 Security Vulnerabilities
In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-19
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
CVSS Score
6.1
EPSS Score
0.043
Published
2019-08-27
Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-03-26