CVE-2023-31544: XSS
First published: Tue May 16 2023(Updated: )
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alkacon OpenCMS | =11.0 | |
| Alkacon OpenCMS | =11.0-beta | |
| Alkacon OpenCMS | =11.0-beta2 | |
| Alkacon OpenCMS | =11.0-rc | |
| maven/org.opencms:opencms-core | <11.0.1 | 11.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-31544?
The severity of CVE-2023-31544 is medium (5.4).
How does the stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 work?
The vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title field under the Upload Image module.
Which software versions are affected by CVE-2023-31544?
The vulnerability affects Alkacon OpenCMS versions 11.0, 11.0-beta, 11.0-beta2, and 11.0-rc.
How can I fix the stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0?
To fix the vulnerability, update to a patched version of Alkacon OpenCMS.
Where can I find more information about CVE-2023-31544?
You can find more information about CVE-2023-31544 on the GitHub commit and issue pages.
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-m44f-9jhg-59cr
- alias/CVE-2023-31544
- collector/nvd-cve
- collector/github-advisory
- vendor/alkacon
- product/opencms
- canonical/alkacon opencms
- package-manager/maven