CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-6379

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.186

EPSS Ranking 95.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms

Products affected by CVE-2023-6379

Alkacon » Opencms » Version: 14.0.0

cpe:2.3:a:alkacon:opencms:14.0.0
Alkacon » Opencms » Version: 15.0.0

cpe:2.3:a:alkacon:opencms:15.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6379

Products

Pricing

Contact Us