CVE-2024-41446: 
Java vulnerability analysis and mitigation

A stored cross-site scripting (XSS) vulnerability has been identified in Alkacon OpenCMS version 17.0. The vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the image parameter under the Create/Modify article function (NVD).

The vulnerability is classified as a stored cross-site scripting (XSS) issue affecting the Create/Modify article functionality in OpenCMS. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The issue specifically involves the image parameter where malicious web scripts or HTML can be injected and stored (CISA-ADP).

When successfully exploited, this vulnerability allows attackers to execute arbitrary web scripts or HTML in the context of other users' browsers who access the affected content. This could lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected users (NVD).

Users of Alkacon OpenCMS v17.0 should monitor for security updates from the vendor and apply them when available. As this is a recently disclosed vulnerability, specific patch information has not yet been released (Alkacon, OpenCMS).