CVE-2024-41446 – Alkacon OpenCMS Stored XSS Vulnerability

April 21, 2025

CVE ID : CVE-2024-41446

Published : April 21, 2025, 2:15 p.m. | 4 hours, 47 minutes ago

Description : A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-43916 – Sonos API Open Redirection and Hardcoded Secret Vulnerability

Next Article CVE-2025-0467 – VMware GPU Firmware Memory Corruption

Highlights

CVE-2025-7066 – Jirafeau MIME Type Bypass Cross-Site Scripting Vulnerability

July 4, 2025

CVE ID : CVE-2025-7066

Published : July 4, 2025, 12:15 p.m. | 2 hours ago

Description : Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110 and CVE-2024-12326), video and audio. However, it was possible to bypass this check by sending a manipulated MIME type containing a comma and an other MIME type like text/html (for example image/png,text/html). Browsers see multiple MIME types and text/html would takes precedence, allowing a possible attacker to do a cross-site scripting attack. The check for MIME types was enhanced to prevent a browser preview when the stored MIME type contains a comma.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2024-41446 – Alkacon OpenCMS Stored XSS Vulnerability

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

CVE-2024-49196 – Samsung Mobile Processor Exynos GPU Type Confusion Denial of Service

CVE-2025-3452 – SecuPress Free WordPress Security Plugin Unauthorized Plugin Installation Vulnerability

The WAVLab Team is Releases of VERSA: A Comprehensive and Versatile Evaluation Toolkit for Assessing Speech, Audio, and Music Signals

Best early Prime Day headphones deals: My 12 favorite sales live now

CVE-2025-7066 – Jirafeau MIME Type Bypass Cross-Site Scripting Vulnerability

CVE-2025-26383 – Apache iSTAR Memory Information Disclosure

CVE-2025-6844 – Simple Forum SQL Injection Vulnerability

Innovate business logic by implementing return of control in Amazon Bedrock Agents

CVE-2024-41446 – Alkacon OpenCMS Stored XSS Vulnerability

Related Posts