VYPR
Moderate severityNVD Advisory· Published Dec 13, 2023· Updated Oct 1, 2024

Cross-site Scripting in Alkacon Software OpenCms

CVE-2023-6379

Description

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.opencms:opencms-coreMaven
>= 14.0.0, < 16.0.016.0.0

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.