CVE-2024-41446

Medium CVSS: 5.4

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

Vendor

Alkacon

Product

Opencms

CWE

CWE-79

Yayın Tarihi

2025-04-21 14:15:35

Güncelleme

2025-04-24 16:44:22

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Opencms MEDIUM Alkacon 2025

Referanslar

http://alkacon.com http://opencms.com https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf

Benzer Kayıtlar

Medium

CVE-2026-2735

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated whe…

Medium

CVE-2026-2736

Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in…

Medium

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to i…

Medium

CVE-2024-41447

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scr…