Low severityNVD Advisory· Published Jul 31, 2006· Updated Jun 16, 2026
CVE-2006-3933
CVE-2006-3933
Description
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.opencms:opencms-coreMaven | < 6.2.2 | 6.2.2 |
Affected products
7cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*range: <=6.2.1
- cpe:2.3:a:alkacon:opencms:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- www.opencms.org/export/download/opencms/opencms_6.2.2_src.zipnvdPatch
- www.opencms.org/opencms/en/shownews.htmlnvdPatchWEB
- o0o.nu/~meder/OpenCMS_multiple_vulnerabilities.txtnvdExploitWEB
- secunia.com/advisories/21193nvdExploitPatchVendor Advisory
- github.com/advisories/GHSA-gj9c-69cm-7c37ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2006-3933ghsaADVISORY
- securityreason.com/securityalert/1302nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/28033nvdWEB
- github.com/alkacon/opencms-core/commit/e2d3754ef27e8e8e122700bdb3f59e6e15995baeghsaWEB
- www.securityfocus.com/archive/1/441182/100/0/threadednvd
News mentions
0No linked articles in our index yet.