CVE-2013-4600
medium
CVSS v3
—
CVSS v2
4.3
VIR risk
4.3
Description
Alkacon OpenCMS XSS via title and requestedResource parameters
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.opencms:opencms-core | <8.5.2 | 8.5.2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| alkacon | opencms | <=8.5.1 | |
| alkacon | opencms | 6.0.0 | |
| alkacon | opencms | 6.0.2 | |
| alkacon | opencms | 6.0.3 | |
| alkacon | opencms | 6.0.4 | |
| alkacon | opencms | 6.2 | |
| alkacon | opencms | 6.2.1 | |
| alkacon | opencms | 6.2.2 | |
| alkacon | opencms | 6.2.3 | |
| alkacon | opencms | 7.0.3 | |
| alkacon | opencms | 7.0.4 | |
| alkacon | opencms | 8.5 | |
References
- http://archives.neohapsis.com/archives/bugtraq/2013-07/0113.html
- http://www.opencms.org/en/news/130710-opencms-v852-releasenotes.html
- https://github.com/alkacon/opencms-core/issues/173
- https://www.htbridge.com/advisory/HTB23160
- https://nvd.nist.gov/vuln/detail/CVE-2013-4600
- https://github.com/alkacon/opencms-core/commit/72a05e3ea1cf692e2efce002687272e63f98c14a
- https://github.com/alkacon/opencms-core
CWEs
CWE-79