Description
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
Remediation
References
https://github.com/alkacon/opencms-core/commit/21bfbeaf6b038e2c03bb421ce7f0933dd7a7633e
https://github.com/alkacon/opencms-core/issues/652
Related Vulnerabilities
CVE-2021-32622 Vulnerability in npm package matrix-react-sdk
CVE-2021-26291 Vulnerability in maven package org.apache.maven:apache-maven
CVE-2021-25924 Vulnerability in maven package cd.go.plugin:go-plugin-api
CVE-2022-31129 Vulnerability in maven package org.webjars.bowergithub.moment:moment
CVE-2016-10531 Vulnerability in maven package org.webjars.npm:marked