{"id":"CVE-2019-11818","details":"Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting (XSS) in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp). This allows an attacker to insert arbitrary JavaScript as user input (First Name or Last Name), which will be executed whenever the affected snippet is loaded.","aliases":["GHSA-c8j6-gqq8-4prj"],"modified":"2026-04-10T04:11:56.565939Z","published":"2019-05-08T16:29:00.737Z","references":[{"type":"EVIDENCE","url":"https://www.openwall.com/lists/oss-security/2019/04/30/3"},{"type":"EVIDENCE","url":"https://github.com/alkacon/opencms-core/issues/635"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/alkacon/opencms-core","events":[{"introduced":"0"},{"last_affected":"86ae0830160f353685212dae48d383e594dfd322"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.5.4"}]}}],"versions":["build_10_0_0","build_10_0_0_alpha_1","build_10_0_0_alpha_1u","build_10_0_0_alpha_2","build_10_0_0_beta","build_10_0_0_beta3","build_10_0_0_beta4","build_10_0_0_beta_2","build_10_5_0","build_10_5_0_1","build_10_5_0_2","build_10_5_0_3","build_10_5_0_5","build_10_5_0_beta","build_10_5_1","build_10_5_2","build_10_5_3","build_10_5_4","build_10_5_x_cmsdays","build_4_7_10","build_4_7_11","build_4_7_12","build_4_7_13","build_4_7_14","build_4_7_6","build_4_7_8","build_4_7_9","build_5_0_0","build_5_0_0_beta_1","build_5_0_0_beta_2","build_5_0_0_rc_1","build_5_0_0_rc_2","build_5_1_0","build_5_1_1","build_5_1_10","build_5_1_11","build_5_1_12","build_5_1_3","build_5_1_4","build_5_1_5","build_5_1_6","build_5_1_7","build_5_1_8","build_5_1_9","build_5_3_1","build_5_3_3","build_5_3_4","build_5_3_5","build_5_3_6","build_5_5_1","build_5_5_2","build_5_5_3","build_5_5_4","build_5_7_1","build_5_7_2","build_5_7_3","build_5_9_1","build_5_9_2","build_6_0_0","build_6_0_1","build_6_0_2","build_6_0_3","build_6_0_4","build_6_0_5","build_6_1_13","build_6_2_0","build_6_2_1","build_6_2_2","build_6_2_3","build_7_0_0","build_7_0_1","build_7_0_2","build_7_0_4","build_7_3_0","build_7_5_0_beta_1","build_7_9_2","build_8_0_0","build_8_0_1","build_8_0_2","build_8_0_2_1","build_8_0_3","build_8_5_0","build_8_5_1","build_8_7_0","build_8_9_0","build_9_0_0","build_9_0_0_1","build_9_5_0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11818.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}