Cross Site Scripting Vulnerability in Alkacon OpenCMS 17.0
CVE-2024-42699

6.5MEDIUM

Key Information:

Vendor: Alkacon Software
Status: OpenCMS
Vendor: CVE Published:; 21 April 2025

🔔 Create Alkacon Software Vulnerability Alert

What is CVE-2024-42699?

A Cross Site Scripting vulnerability exists in Alkacon OpenCMS 17.0 that allows remote attackers to inject malicious JavaScript payloads. This can be achieved through the image title sub-field in the image field while creating or modifying articles. If exploited, it can lead to unauthorized actions on behalf of users and potential data exposure.

References

https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-4269...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2025
Vulnerability Reserved
Aug 5, 2024