CVE-2023-6380 MEDIUM

CVE-2023-6380: Open Redirect in Alkacon Software OpenCms

Vendor Alkacon

Product Open CMS

Weakness CWE-601 · Open redirect

Published December 13, 2023

Last update August 28, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.

Key dates

02Disclosure timeline

December 13, 2023 CVE published

August 28, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-6380 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/601.html

Related vulnerabilities

Identifiers

CVE CVE-2023-6380

CWE CWE-601

CVSS 6.1 / MEDIUM

Affected versions

Vendor Alkacon

Product Open CMS

Affected 14

Vendor Alkacon

Product Open CMS

Affected 15

CVE-2023-6380: Open Redirect in Alkacon Software OpenCms

01Description

02Disclosure timeline

03References

04Related CVE