Cross Site Scripting | Alkacon OpenCMS v10.5.4 and before

[Pramod Rana <varchashva () gmail com>]

Description
 - OpenCMS v10.5.4 and before is vulnerable to cross site scripting in New
User module for parameter First Name and Last Name
 - Impacted URL is http://
[your_webserver_ip]/opencms/system/workplace/admin/accounts/user_new.jsp
 - Payload used is "TestXSS<img+src=x+onmouseover=alert(document.domain)"

Further details
 - https://github.com/alkacon/opencms-core/issues/635

Already requested for CVE, yet to receive it.