Lucene search
Veracode Vulnerability DatabaseVERACODE:41705HistoryJul 25, 2023 - 5:21 a.m.
Cross Site Scripting (XSS)
2023-07-2505:21:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
opencms
cross site scripting
xss
vulnerability
svg file upload
javascript
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
55.5%
OpenCms is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to the /workplace#!explorer component which allows an attacker to inject and execute arbitrary JavaScript via uploading a crafted SVG file.
Related
nvd
nvd
CVE-2023-37602
2023-07-20 19:15:10
cve
cve
CVE-2023-37602
2023-07-20 19:15:10
osv
osv
CVE-2023-37602
2023-07-20 19:15:10
Alkacon OpenCMS arbitrary file upload vulnerability
2023-07-20 21:30:58
prion
prion
Privilege escalation
2023-07-20 19:15:00
cvelist
cvelist
CVE-2023-37602
2023-07-20 00:00:00
github
github
Alkacon OpenCMS arbitrary file upload vulnerability
2023-07-20 21:30:58
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.002
Percentile
55.5%
Related for VERACODE:41705