CVE-2024-5521
Published 2024-05-30
Priority: P4 (32)
Severity: medium, 6.4 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.26% (17.6th percentile)
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16. A user with the gallery editor or VFS resource manager role has permission to upload images in the .svg format containing JavaScript code. The code is executed the moment another user accesses the image.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alkacon | opencms | — | — |
| alkacon | opencms | — | — |
No advisories linked to this vulnerability.
Suricata
ET EXPLOIT Netgear passwordrecovered.cgi attempt (suricata, 2014-01-15, CVE-2017-5521)
Note: this rule references CVE-2017-5521 (Netgear passwordrecovered.cgi), not CVE-2024-5521; it does not detect the OpenCMS SVG upload issue described above.
Rule: alert http any any -> any any (msg:"ET EXPLOIT Netgear passwordrecovered.cgi attempt"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/passwordrecovered.cgi?id="; nocase; reference:url,www.securityfocus.com/archive/1/530743/30/0/threaded; reference:url,www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2017-003/?fid=8911; reference:cve,2017-5521; classtype:attempted-admin; sid:2017969; rev:6; metadata:created_at 2014_01_15, cve CVE_2017_5521, signature_severity Major, updated_at 2024_03_06;)
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-05-30