CVE-2024-5521

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-5521

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-5521.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-5521

Published

2024-05-30T12:15:11Z

Modified

2025-04-10T20:51:45.743032Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be executed the moment another user accesses the image.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms

Affected packages

Git / github.com/alkacon/opencms-core

Affected ranges

Type: GIT
Repo: https://github.com/alkacon/opencms-core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

773f1d2c19a861bb0ab2bbaab97bd3bae5a76063

Affected versions

Other

build_10_0_0

build_10_0_0_alpha_1

build_10_0_0_alpha_1u

build_10_0_0_alpha_2

build_10_0_0_beta

build_10_0_0_beta3

build_10_0_0_beta4

build_10_0_0_beta_2

build_10_5_0

build_10_5_0_1

build_10_5_0_2

build_10_5_0_3

build_10_5_0_5

build_10_5_0_beta

build_10_5_1

build_10_5_2

build_10_5_3

build_10_5_x_cmsdays

build_11_0_0

build_11_0_0_beta

build_11_0_0_beta_2

build_11_0_0_rc

build_11_0_1

build_12_0_0

build_13_0_0

build_14_0_0

build_15_0_0

build_16_0_0

build_4_7_10

build_4_7_11

build_4_7_12

build_4_7_13

build_4_7_14

build_4_7_6

build_4_7_8

build_4_7_9

build_5_0_0

build_5_0_0_beta_1

build_5_0_0_beta_2

build_5_0_0_rc_1

build_5_0_0_rc_2

build_5_1_0

build_5_1_1

build_5_1_10

build_5_1_11

build_5_1_12

build_5_1_3

build_5_1_4

build_5_1_5

build_5_1_6

build_5_1_7

build_5_1_8

build_5_1_9

build_5_3_1

build_5_3_3

build_5_3_4

build_5_3_5

build_5_3_6

build_5_5_1

build_5_5_2

build_5_5_3

build_5_5_4

build_5_7_1

build_5_7_2

build_5_7_3

build_5_9_1

build_5_9_2

build_6_0_0

build_6_0_1

build_6_0_2

build_6_0_3

build_6_0_4

build_6_0_5

build_6_1_13

build_6_2_0

build_6_2_1

build_6_2_2

build_6_2_3

build_7_0_0

build_7_0_1

build_7_0_2

build_7_0_4

build_7_3_0

build_7_5_0_beta_1

build_7_9_2

build_8_0_0

build_8_0_1

build_8_0_2

build_8_0_2_1

build_8_0_3

build_8_5_0

build_8_5_1

build_8_7_0

build_8_9_0

build_9_0_0

build_9_0_0_1

build_9_0_1

build_9_5_0

build_9_5_1

build_9_5_2