Moderate severityNVD Advisory· Published Dec 13, 2023· Updated Oct 1, 2024
Cross-site Scripting in Alkacon Software OpenCms
CVE-2023-6379
Description
Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.opencms:opencms-coreMaven | >= 14.0.0, < 16.0.0 | 16.0.0 |
Affected products
2- Alkacon/Open CMSv5Range: 14
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.