CVE-2019-13236: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

November 12, 2019 (updated August 18, 2021)

In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface.

References

aetsu.github.io/OpenCms
github.com/advisories/GHSA-7qqr-3pj3-q2f5
github.com/alkacon/opencms-core/commits/branch_10_5_x
nvd.nist.gov/vuln/detail/CVE-2019-13236

Detect and mitigate CVE-2019-13236 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →