Stored Cross-Site Scripting in Alkacon OpenCMS by Alkacon Software
CVE-2024-41447

Currently unrated

Key Information:

Vendor: Alkacon Software
Status: Alkacon OpenCMS
Vendor: CVE Published:; 18 April 2025

🔔 Create Alkacon Software Vulnerability Alert

What is CVE-2024-41447?

A stored cross-site scripting (XSS) vulnerability has been identified in Alkacon OpenCMS version 17.0, which allows attackers to inject arbitrary web scripts or HTML into the application. This vulnerability occurs through the author parameter within the Create/Modify article function, enabling the execution of malicious payloads that can compromise the security of affected systems and the integrity of user interactions.

References

https://www.exploit-db.com/exploits/52209

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2025