CVE-2019-11819

Alkacon OpenCMS v10.5.4 and before is affected by CSV (aka Excel Macro) Injection in the module New User (/opencms/system/workplace/admin/accounts/user_new.jsp) via the First Name or Last Name. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt