Vulnerability Details CVE-2019-11818
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2019-11818
-
cpe:2.3:a:alkacon:opencms:10
-
cpe:2.3:a:alkacon:opencms:10.0.0
-
cpe:2.3:a:alkacon:opencms:10.0.1
-
cpe:2.3:a:alkacon:opencms:10.5
-
cpe:2.3:a:alkacon:opencms:10.5.1
-
cpe:2.3:a:alkacon:opencms:10.5.2
-
cpe:2.3:a:alkacon:opencms:10.5.3
-
cpe:2.3:a:alkacon:opencms:10.5.4
-
cpe:2.3:a:alkacon:opencms:6.0.0
-
cpe:2.3:a:alkacon:opencms:6.0.2
-
cpe:2.3:a:alkacon:opencms:6.0.3
-
cpe:2.3:a:alkacon:opencms:6.0.4
-
cpe:2.3:a:alkacon:opencms:6.2
-
cpe:2.3:a:alkacon:opencms:6.2.1
-
cpe:2.3:a:alkacon:opencms:6.2.2
-
cpe:2.3:a:alkacon:opencms:6.2.3
-
cpe:2.3:a:alkacon:opencms:7.0.3
-
cpe:2.3:a:alkacon:opencms:7.0.4
-
cpe:2.3:a:alkacon:opencms:8
-
cpe:2.3:a:alkacon:opencms:8.0.1
-
cpe:2.3:a:alkacon:opencms:8.0.2
-
cpe:2.3:a:alkacon:opencms:8.0.3
-
cpe:2.3:a:alkacon:opencms:8.0.4
-
cpe:2.3:a:alkacon:opencms:8.5
-
cpe:2.3:a:alkacon:opencms:8.5.1
-
cpe:2.3:a:alkacon:opencms:8.5.2
-
cpe:2.3:a:alkacon:opencms:9
-
cpe:2.3:a:alkacon:opencms:9.0.1
-
cpe:2.3:a:alkacon:opencms:9.5
-
cpe:2.3:a:alkacon:opencms:9.5.1
-
cpe:2.3:a:alkacon:opencms:9.5.2
-
cpe:2.3:a:alkacon:opencms:9.5.3