PT-2008-2891 · Alkacon · Opencms

Nnposter · Published 2008-03-12 · Updated 2022-05-01 · CVE-2008-1300

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Alkacon OpenCms versions 7.0.3 through 7.0.4

Description: A cross-site scripting (XSS) issue exists in the Logfile Viewer Settings function, allowing remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action.

Recommendations: For versions 7.0.3 and 7.0.4, avoid using the filePath.0 parameter in the save action of the Logfile Viewer Settings function until a fix is available. As a temporary workaround, consider restricting access to the Logfile Viewer Settings function to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2008-1300
GHSA-W3V2-VFRJ-J9G8

Affected products

Opencms