Stored Cross-Site Scripting (XSS) in Alkacon OpenCMS v10.5.4 and Earlier
CVE-2019-11818 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.
Learn more about our Cms Pen Testing.