CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-41446

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.1%

CVSS Severity

CVSS v3 Score 5.4

References

http://alkacon.com
http://opencms.com
https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf
https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf

Products affected by CVE-2024-41446

Alkacon » Opencms » Version: 17.0.0

cpe:2.3:a:alkacon:opencms:17.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-41446

Products

Pricing

Contact Us