Description
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.
Remediation
References
https://github.com/alkacon/opencms-core/issues/587
https://www.exploit-db.com/exploits/44392/
Related Vulnerabilities
CVE-2023-26156 Vulnerability in npm package chromedriver
CVE-2021-38296 Vulnerability in maven package org.apache.spark:spark-core
CVE-2020-7781 Vulnerability in npm package connection-tester
CVE-2021-23631 Vulnerability in npm package convert-svg-core
CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-broker