CVE-2026-2735 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-a…
Medium CVSS: 5.1

CVE-2026-2735

Stored Cross-Site Scripting (XSS) in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter.
Vendor
Alkacon
Product
Opencms
CWE
CWE-79
Yayın Tarihi
2026-02-19 09:16:28
Güncelleme
2026-02-23 19:16:05
Source Identifier
cve-coordination@incibe.es
KEV Date Added
-

Kategoriler

CWE-79 Opencms MEDIUM Alkacon 2026

Referanslar

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacons-opencms