Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2019-11818 Vulnerability in maven package org.opencms:org.opencms.workplace.tools.accounts

Description

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.

Remediation

References

https://github.com/alkacon/opencms-core/issues/635

https://www.openwall.com/lists/oss-security/2019/04/30/3

Related Vulnerabilities

CVE-2022-45207 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system

CVE-2021-32573 Vulnerability in npm package express-cart

CVE-2022-31160 Vulnerability in npm package jquery-ui

CVE-2023-22894 Vulnerability in npm package @strapi/strapi

CVE-2019-11819 Vulnerability in maven package org.opencms:org.opencms.workplace.tools.accounts

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Third Party Advisory Mailing List