Lucene search
+L

5 matches found

NVD
NVD
added 2023/12/13 11:15 a.m.20 views

CVE-2023-6379

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

6.1CVSS0.01752EPSS
Exploits0References1
CVE
CVE
added 2023/12/13 10:52 a.m.90 views

CVE-2023-6379

Affected software: Alkacon Software Open CMS (Mercury template) v14–v15. Vulnerability: Cross-site scripting (XSS) via the Mercury template. Unauthenticated attackers can inject arbitrary JavaScript through multiple parameters on OpenCMS Mercury pages, potentially leading to session cookie theft ...

6.1CVSS5.8AI score0.01752EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/13 10:52 a.m.37 views

CVE-2023-6379 Cross-site Scripting in Alkacon Software OpenCms

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

5.4CVSS6.3AI score0.01752EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/12/13 10:52 a.m.25 views

CVE-2023-6379 Cross-site Scripting in Alkacon Software OpenCms

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

5.4CVSS6.1AI score0.01752EPSS
Exploits0References1
OSV
OSV
added 2023/12/13 10:52 a.m.21 views

CVE-2023-6379 Cross-site Scripting in Alkacon Software OpenCms

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session...

5.4CVSS6AI score0.01752EPSS
Exploits0References3
Rows per page
Query Builder