Detections
Analytics
OpenCMS < 17.0.0 Multiple Vulnerabilities
medium Web App Scanning Plugin ID 115133
Language:
Synopsis
OpenCMS < 17.0.0 Multiple VulnerabilitiesDescription
According to its self-reported version number, the detected OpenCMS application is affected by multiple vulnerabilities :- A Cross-Site Scripting which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code.
- A Cross-Site Scripting which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, after inserting code in the "title" field.
Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to OpenCMS 17.0.0 or later.See Also
Plugin Details
Severity: Medium
ID: 115133
Type: remote
Family: Component Vulnerability
Published: 2/11/2026
Updated: 2/11/2026
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS Score Source: CVE-2024-5520
CVSS v3
Risk Factor: Medium
Base Score: 6.4
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CVSS Score Source: CVE-2024-5521
Vulnerability Information
CPE: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 5/29/2024
Reference Information
CVE: CVE-2024-5520, CVE-2024-5521
CWE: 79
OWASP: 2010-A2, 2013-A3, 2013-A9, 2017-A7, 2017-A9, 2021-A3, 2021-A6, 2025-A5, 2025-A6
WASC: Cross-Site Scripting
CAPEC: 209, 588, 591, 592, 63, 85
DISA STIG: APSC-DV-002490, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-CM-6b, sp800_53-SI-10
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.3.3