opencms-gwt is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the generateTooltipHtml
function of CmsResultItemWidget.java
, which allows an attacker to inject and execute malicious javascript or HTML through the Title
field under the upload image module.