Security Advisory

CVE-2021-3312

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-08 14:44:58

Last updated 2024-08-03 16:53:17

Assigner mitre

State PUBLISHED

Description

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the servers file system by uploading a crafted SVG document.

← Browse all CVEs View on cve.org ↗