CVE-2024-42699

Name of the Vulnerable Software and Affected Versions Alkacon OpenCMS version 17.0

Description A Cross Site Scripting vulnerability in the Create/Modify article function allows a remote attacker to inject a javascript payload via the image title sub-field in the image field.

Recommendations For Alkacon OpenCMS version 17.0, consider disabling the Create/Modify article function until a patch is available, or restrict access to the image title sub-field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.