CVE-2024-42699 – OpenCMS Cross-Site Scripting (XSS)

April 21, 2025

CVE ID : CVE-2024-42699

Published : April 21, 2025, 3:15 p.m. | 3 hours, 47 minutes ago

Description : Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-12863 – OpenText Content Management CE Stored Cross-Site Scripting Vulnerability

Next Article CVE-2024-12862 – OpenText Content Server Unauthorized Deletion

Highlights

CVE-2025-42970 – SAPCAR Directory Traversal Vulnerability

July 7, 2025

CVE ID : CVE-2025-42970

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high privileged victim extracts this malicious archive, it is then processed by SAPCAR on their system, causing files to be extracted outside the intended directory and overwriting files in arbitrary locations. This vulnerability has a high impact on the integrity and availability of the application with no impact on confidentiality.

Severity: 5.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2024-42699 – OpenCMS Cross-Site Scripting (XSS)

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

GuestSnippet – Free Guest Post Backlink Tool for SEOs & Bloggers

CVE-2025-3836 – Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE-2025-4177 – Flynax Bridge – Unauthenticated User Deletion Vulnerability

Last Week in AI #317 – US AI Action Plan, EU AI guidelines split, ChatGPT Study Mode

CVE-2025-42970 – SAPCAR Directory Traversal Vulnerability

Windows 11 KB5058499 24H2 adds features, direct download links (.msu)

Enhance Email Validation with Laravel’s Fluent Email Rule Object

Hackers Actively Exploiting Zyxel RCE Vulnerability Via UDP Port

CVE-2024-42699 – OpenCMS Cross-Site Scripting (XSS)

Related Posts