gWestenberger

2 exploits | Active since May 2023
CVE-2026-38429 | CRITICAL | WRITEUP
OpenCMS v20 - XML External Entity Injection
OpenCMS v20 and earlier is vulnerable to XML External Entity (XXE) injection in the Admin Import DB feature due to insecure XML parsing of user-supplied .zip files containing a manifest.xml.
CVSS 9.8
CVE-2023-31544 | MEDIUM | WRITEUP
alkacon OpenCMS 11.0.0.0 - Stored Cross-Site Scripting via Upload Image Title Field
A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.
CVSS 5.4