
CVE-2024-41446: OpenCMS cross-site scripting (XSS) vulnerability

CVSS Score: 5.4 (CVSS v3.1)

Basic Information

EPSS Score: 0.16192%
Published: 4/21/2025
Updated: 4/21/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
org.opencms:opencms-core | maven | <= 17.0 | (not listed)

Vulnerability Intelligence
Miggo AI

Miggo AI Root Cause Analysis

The available sources (NVD, the GitHub Advisory, and a PDF link) contain no commit details, code patches, or direct references to the vulnerable source files and function names. The PDF, which might have offered more technical insight, could not be parsed as text. Without that information, the functions involved in the vulnerability, or those changed by a patch, cannot be identified. The 'Create/Modify article function' and 'image parameter' mentioned in the description are user-level descriptions, not code identifiers.


WAF Protection Rules

WAF Rule

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.
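The description names only the sink (an image parameter stored with an article and rendered later) and no code, and the root cause analysis above confirms no OpenCMS identifiers are known. The following added example, written for this page and not OpenCMS code, shows the general pattern behind a stored XSS in an image attribute next to a hardened rendering path; the two render functions, the placeholder path and the sample payloads are constructed for illustration and are not taken from the advisory.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed attacker inputs for an article's "image" field (not real OpenCMS payloads).
PAYLOADS = [
    '/images/logo.png',                              # benign, what the field expects
    '" onerror="alert(document.cookie)" x="',        # closes the attribute, adds a handler
    '"><script>alert(1)</script><img src="',         # closes the tag, injects a script
    'javascript:alert(1)',                           # unsafe scheme, survives encoding alone
]


def render_vulnerable(image):
    """Interpolates the stored value into an attribute with no encoding or
    validation: any double quote in the value escapes the attribute context."""
    return f'<img src="{image}" alt="article image">'


# Hypothetical allowlist: site-relative paths made of safe characters with an
# image extension. Adjust to the paths the application actually serves.
_SAFE_PATH = re.compile(r'^/[A-Za-z0-9_./-]+\.(?:png|jpe?g|gif|webp)$')


def validate_image_ref(image):
    """Return the value only if it is an allowlisted relative image path or an
    http(s) URL with a host; anything else (including javascript:) is rejected."""
    if _SAFE_PATH.fullmatch(image) and '..' not in image:
        return image
    parts = urlsplit(image)
    if parts.scheme in ('http', 'https') and parts.netloc:
        return image
    return None


def render_hardened(image):
    """Validate first, then HTML-attribute-encode the value on output.
    Encoding stops the breakout; the allowlist stops unsafe schemes and
    path traversal, which encoding alone does not address."""
    ref = validate_image_ref(image)
    if ref is None:
        ref = '/images/placeholder.png'   # constructed fallback for this example
    return f'<img src="{html.escape(ref, quote=True)}" alt="article image">'


if __name__ == '__main__':
    for p in PAYLOADS:
        print('vulnerable:', render_vulnerable(p))
        print('hardened:  ', render_hardened(p))
```

The second and third payloads are the classic stored-XSS shape: because the sink is an HTML attribute, a single `"` in the stored value ends the attribute and whatever follows becomes markup. Attribute encoding of the output (`&quot;`, `&lt;`, `&gt;`) is the fix for that context; the allowlist is defence in depth, since a `javascript:` value would pass encoding untouched and could execute if the same stored value is ever emitted into an `href` or a CSS `url()` instead of an `img src`.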
