CVE-2018-8815

Published March 20th, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

3.5

LOW

Affected

PROJECT

Description

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.

alkacon/opencms-core

The Java open source content management system by Alkacon Software

GitHub

567