Stored Cross-Site Scripting Vulnerability in Alkacon OpenCMS
CVE-2024-41446

5.4MEDIUM

Key Information:

Vendor: Alkacon Software
Status: OpenCMS
Vendor: CVE Published:; 21 April 2025

🔔 Create Alkacon Software Vulnerability Alert

What is CVE-2024-41446?

A severe stored cross-site scripting (XSS) vulnerability has been identified in Alkacon OpenCMS version 17.0. This flaw allows attackers to inject arbitrary web scripts or HTML into the application, utilizing a malicious payload specifically targeting the image parameter within the Create/Modify article function. If exploited, this vulnerability could result in unauthorized access or control over user sessions, potentially leading to data breaches and other security incidents.

References

http://alkacon.com

http://opencms.com

https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-4144...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2025
Vulnerability Reserved
Jul 18, 2024