Alkacon OpenCms XSS via username during login

GHSA-g4fc-j79q-gjrh · CVE-2005-4294

Published May 1, 2022 · Modified Jun 20, 2025

Description

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2005-4294
WEB https://github.com/alkacon/opencms-core/commit/148f2126f61bf5fa3d9f8c669889ccab3b9dceac
PACKAGE https://github.com/alkacon/opencms-core
WEB http://www.opencms.org/opencms/en/download/opencms.html
WEB http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes