Vulnerabilities > Alkacon > Opencms > 16.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-30 | CVE-2024-5520 | Cross-site Scripting vulnerability in Alkacon Opencms 16.0.0 Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the “title” field. | 5.4 |
| 2024-05-30 | CVE-2024-5521 | Cross-site Scripting vulnerability in Alkacon Opencms 16.0.0 Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. | 6.4 |