Alkacon OpenCMS XSS via title and requestedResource parameters

GHSA-4gfx-p2j4-w2vh · CVE-2013-4600

Published May 17, 2022 · Modified Jun 20, 2025

Description

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4600
WEB https://github.com/alkacon/opencms-core/issues/173
WEB https://github.com/alkacon/opencms-core/commit/72a05e3ea1cf692e2efce002687272e63f98c14a
PACKAGE https://github.com/alkacon/opencms-core
WEB http://www.opencms.org/en/news/130710-opencms-v852-releasenotes.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes