PT-2018-18639 · Alkacon · Alkacon Opencms

Sureshbabu Narvaneni · Published 2018-03-20 · Updated 2018-04-13 · CVE-2018-8815

CVSS v3.1: 4.6 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Alkacon OpenCMS version 10.5.3

Description

A cross-site scripting (XSS) issue exists in the gallery function, allowing remote attackers to inject arbitrary web script or HTML via a malicious SVG image. This can be exploited by attackers to execute malicious code on the victim's browser.

Recommendations

For Alkacon OpenCMS version 10.5.3, consider disabling the gallery function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the gallery module to minimize the risk of exploitation. Avoid using the gallery function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-8815

Affected Products

Alkacon Opencms