CVSS 3.1 Score 6.4 of 10 (medium)


Published May 30, 2024


CVE-2024-5520 is a vulnerability in Alkacon's OpenCMS version 16 that allows users with sufficient privileges to execute malicious JavaScript code by inserting it into the "title" field of web pages through the admin panel. It is categorized as Cross-Site Scripting (CWE-79) and has a base severity rating of MEDIUM. The exploitability score is 3.1, indicating that the vulnerability is moderately easy for attackers to exploit. The impact score is 2.7, with low integrity and confidentiality impacts. Remediation involves updating to a patched version of OpenCMS and ensuring proper input validation to prevent script injection attacks.

