| Title | Alkacon OpenCMS | Cross Site Scripting | v10.5.4 and before |
|---|
| Description | Description
- OpenCMS v10.5.4 and before is vulnerable to cross site scripting in the New User module for the parameters First Name and Last Name.
- Impacted URL is http://[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp
- Payload used is "TestXSS<img+src=x+onmouseover=alert(document.domain)"
Detailed steps to reproduce are documented here - https://github.com/alkacon/opencms-core/issues/635 |
|---|
| Source | ⚠️ https://github.com/alkacon/opencms-core/issues/635 |
|---|
| User | pramodrana (UID 2935) |
|---|
| Submission | 30.04.2019 13:04 (7 years ago) |
|---|
| Moderation | 07.05.2019 07:20 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 134437 [Alkacon OpenCms up to 10.5.4 user_new.jsp Cross Site Scripting] |
|---|
| Points | 20 |
|---|