CVE-2023-6380
Open Redirect in Alkacon Software OpenCms
Public Exploits: 0
Exploited in Wild: -
Descriptions
An open redirect vulnerability has been found in the OpenCms product, affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible because the 'URI' parameter is not properly sanitized.
SSVC
- Decision: Track
Timeline
- 2023-11-29 CVE Reserved
- 2023-12-13 CVE Published
- 2024-08-28 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
- CAPEC-178: Cross-Site Flashing
References (1)
URL | Tag | Source |
---|---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Alkacon | Opencms | >= 14.0.0 < 16.0.0 | - | Affected |