| Title | Alkacon OpenCMS | Cross Site Scripting | v10.5.4 and before |
|---|
| Description | Description
- OpenCMS v10.5.4 and before is vulnerable to cross site scripting in New User module for parameter First Name and Last Name.
- Impacted URL is http://[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp
- Payload used is "TestXSS<img+src=x+onmouseover=alert(document.domain)"
Detailed steps to reproduce is documented here - https://github.com/alkacon/opencms-core/issues/635 |
|---|
| Source | ⚠️ https://github.com/alkacon/opencms-core/issues/635 |
|---|
| User | pramodrana (UID 2935) |
|---|
| Submission | 04/30/2019 13:04 (7 years ago) |
|---|
| Moderation | 05/07/2019 07:20 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 134437 [Alkacon OpenCms up to 10.5.4 user_new.jsp cross site scripting] |
|---|
| Points | 20 |
|---|