cbcvebase.
CVE-2024-5521
published 2024-05-30


Priority P432 | medium | 6.4 | CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.26% (17.6th percentile)
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with the role of gallery editor or VFS resource manager to upload images in the .svg format containing JavaScript code. The code is executed the moment another user accesses the image.

Affected

2 ranges
Vendor | Product | Version range | Fixed in
alkacon | opencms
alkacon | opencms