[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before
From: Pramod Rana <varchashva () gmail ! com>
Date: 2019-04-30 10:53:25
Message-ID: CALv8orF=CQRBqzOj_P06KV6Hasg60WLZ3jOg=WDJUXSzwNu7SQ () mail ! gmail ! com
[Download RAW message or body]
Description
- OpenCMS v10.5.4 and before is vulnerable to cross site scripting in New
User module for parameter First Name and Last Name
- Impacted URL is http://
[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp
- Payload used is "TestXSS<img+src=x+onmouseover=alert(document.domain)"
Further details
- https://github.com/alkacon/opencms-core/issues/635
Already requested for CVE, yet to receive it.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic