CVE Alert: CVE-2024-42699

Vulnerability Summary: CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field

Affected Endpoints:

No affected endpoints listed.

Published Date:

4/21/2025, 3:15:58 PM

⚠️ CVSS Score:

CVSS v3 Score: 6.5 (Medium)

Exploit Status:

Not Exploited

References:

https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-42699%20-%20Stored%20XSS%20in%20image%20title.pdf

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: CVE, OSINT, threatintel

Vulnerability Summary: CVE-2024-42699

Affected Endpoints:

Published Date:

⚠️ CVSS Score:

Exploit Status:

References:

Recommended Action:

Ghost-Route – Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)

Cobalt Strike Beacon Detected – 115[.]120[.]232[.]177:4444

Cobalt Strike Beacon Detected – 39[.]105[.]197[.]12:443

CVE Alert: CVE-2025-29287

CVE Alert: CVE-2025-29659

Vulnerability Summary: CVE-2024-42699

Affected Endpoints:

Published Date:

⚠️ CVSS Score:

Exploit Status:

References:

Recommended Action:

You may have missed

Ghost-Route – Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)

Cobalt Strike Beacon Detected – 115[.]120[.]232[.]177:4444

Cobalt Strike Beacon Detected – 39[.]105[.]197[.]12:443

CVE Alert: CVE-2025-29287

CVE Alert: CVE-2025-29659