Low severityNVD Advisory· Published Aug 9, 2013· Updated Jun 16, 2026
CVE-2013-4600
CVE-2013-4600
Description
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.opencms:opencms-coreMaven | < 8.5.2 | 8.5.2 |
Affected products
13cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*range: <=8.5.1
- cpe:2.3:a:alkacon:opencms:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:alkacon:opencms:8.5:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- archives.neohapsis.com/archives/bugtraq/2013-07/0113.htmlnvdExploit
- www.htbridge.com/advisory/HTB23160nvdExploit
- github.com/advisories/GHSA-4gfx-p2j4-w2vhghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4600ghsaADVISORY
- www.opencms.org/en/news/130710-opencms-v852-releasenotes.htmlnvdWEB
- github.com/alkacon/opencms-core/commit/72a05e3ea1cf692e2efce002687272e63f98c14aghsaWEB
- github.com/alkacon/opencms-core/issues/173nvdWEB
News mentions
0No linked articles in our index yet.