Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-w62v-q77r-66cc

Опубликовано: 13 дек. 2023
Источник: github
Github: Прошло ревью
CVSS3: 5.4

Описание

Alkacon OpenCMS XSS via Mercury template

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.

Ссылки

Пакеты

Наименование

org.opencms:opencms-core

maven
Затронутые версииВерсия исправления

>= 14.0.0, < 16.0.0

16.0.0

EPSS

Процентиль: 95%
0.18616
Средний

5.4 Medium

CVSS3

CVE ID

CVE-2023-6379

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2023-6379

CVSS3: 5.4
nvd
около 2 лет назад

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.

EPSS

Процентиль: 95%
0.18616
Средний

5.4 Medium

CVSS3

CVE ID

CVE-2023-6379

Дефекты

CWE-79