Vulnerability DatabaseCVE-2019-13236
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2019-13236
August 27, 2019
In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.
Affected Packages
org.opencms:opencms-core (JAVA):
Affected version(s) >=8.0.1 <11.0.1
Fix Suggestion:
Update to version 11.0.1
Related Resources (5)
http://packetstormsecurity.com/files/154283/Alkacon-OpenCMS-10.5.x-Cross-Site-Scripting.html
https://github.com/alkacon/opencms-core/commits/branch_10_5_x
https://nvd.nist.gov/vuln/detail/CVE-2019-13236
https://aetsu.github.io/OpenCms
https://twitter.com/aetsu/status/1152096227938459648
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
LOW
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
4.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
3.60