org.opencms:opencms-core@19.0 vulnerabilities

  • latest version

    19.0

  • first published

    13 years ago

  • latest version published

    26 days ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.opencms:opencms-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Cross-site Scripting (XSS)

    org.opencms:opencms-core is a Java open source content management system by Alkacon Software.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the author field when publishing an article.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for org.opencms:opencms-core.

    [0,)
    • M
    Cross-site Scripting (XSS)

    org.opencms:opencms-core is a Java open source content management system by Alkacon Software.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Create/Modify article function via the image copyright sub-field in the image field.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for org.opencms:opencms-core.

    [0,)
    • M
    Cross-site Scripting (XSS)

    org.opencms:opencms-core is a Java open source content management system by Alkacon Software.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Create/Modify article function via the image title sub-field in the image field.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for org.opencms:opencms-core.

    [0,)
    • M
    Cross-site Scripting (XSS)

    org.opencms:opencms-core is a Java open source content management system by Alkacon Software.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via SVG image uploads. An attacker can execute arbitrary scripts in the context of another user's session by uploading malicious SVG files. The code will be executed the moment another user accesses the image.

    Notes:

    1. This is only exploitable if the user has the role of gallery editor or VFS resource manager.

    2. The maintainer has stated that this vulnerability will not be fixed because filtering the JavaScript code of .svg files could bring unwanted effects.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for org.opencms:opencms-core.

    [0,)