Home

CVE-2006-3933

Description

Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.

Risk Information

Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
Exploitation Probability
0.549

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2006-3936,CVE-2006-3935,CVE-2006-3934,CVE-2006-3933 are fixed in Opencms-opencms-core 6.2.2Windows
Vulnerabilities CVE-2006-3936,CVE-2006-3935,CVE-2006-3934,CVE-2006-3933 are fixed in Opencms-opencms-core for Linux 6.2.2Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234