Low severityNVD Advisory· Published May 24, 2006· Updated Jun 16, 2026
CVE-2006-2571
CVE-2006-2571
Description
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.opencms:opencms-coreMaven | >= 6.0.0, < 6.0.4 | 6.0.4 |
Affected products
4Patches
Vulnerability mechanics
References
10- secunia.com/advisories/20251nvdPatchVendor Advisory
- www.eazel.es/media/advisory002-OpenCms-Xml-Content-Demo-search-engine-Cross-site-scripting.htmlnvdExploit
- github.com/advisories/GHSA-pmfx-p95x-cg4pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-2571ghsaADVISORY
- github.com/alkacon/opencms-core/commit/9c7389a12c1d13879fc0bc2e9ce103b742c7ada5ghsaWEB
- github.com/alkacon/opencms-core/commit/dd09a85fae8405052906e426a91c1e8483356c53ghsaWEB
- securitytracker.com/idnvd
- www.osvdb.org/25710nvd
- www.securityfocus.com/archive/1/434932/100/0/threadednvd
- www.vupen.com/english/advisories/2006/1931nvd
News mentions
0No linked articles in our index yet.