CVE-2024-41447

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.

Published: Apr 18, 2025
Updated: Jun 30, 2025
CVE: CVE-2024-41447
GHSA: GHSA-vq95-6x79-qv8j
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
alkacon / opencms	17.0.0	17.0.0.x
org.opencms / opencms-core	-	17.0.x

https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41447%20-%20Stored%20XSS%20in%20author%20field.pdf
https://www.exploit-db.com/exploits/52209

Vulnerability Database

290,206

CVE-2024-41447