VYPR
Unrated severityNVD Advisory· Published May 30, 2024· Updated Aug 1, 2024

Cross-Site Scripting stored in Alkacon OpenCMS

CVE-2024-5521

Description

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Alkacon/Opencmsllm-fuzzy2 versions
    = 16+ 1 more
    • (no CPE)range: = 16
    • (no CPE)range: 16

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.