CVE-2024-5520
published 2024-05-30

Priority: P4 | 24 | medium | 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.29% (20.2th percentile)

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the “title” field.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alkacon | opencms | | |
| alkacon | opencms | | |
| gpac | gpac | >= 0 < 0.5.0+svn4288~dfsg1-4ubuntu1+esm2 | 0.5.0+svn4288~dfsg1-4ubuntu1+esm2 |
| gpac | gpac | >= 0 < 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2 | 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2 |
| gpac | gpac | >= 0 < 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1 | 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1 |
| gpac | gpac | >= 0 < 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2 | 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2 |
| gpac | gpac | >= 0 < 2.0.0+dfsg1-2ubuntu0.1~esm2 | 2.0.0+dfsg1-2ubuntu0.1~esm2 |
| gpac | gpac | >= 0 < 2.2.1+dfsg1-3.1ubuntu0.1~esm2 | 2.2.1+dfsg1-3.1ubuntu0.1~esm2 |

CVSS provenance

nvd: v3.1, 5.4 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
osv: 7.7 HIGH