Stored Cross-Site Scripting (XSS) in Alkacon OpenCMS v10.5.4 and Earlier

Stored Cross-Site Scripting (XSS) in Alkacon OpenCMS v10.5.4 and Earlier

CVE-2019-11818 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.

Learn more about our Cms Pen Testing.