GHSA-w62v-q77r-66cc

Source

https://github.com/advisories/GHSA-w62v-q77r-66cc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-w62v-q77r-66cc/GHSA-w62v-q77r-66cc.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-w62v-q77r-66cc

Aliases

CVE-2023-6379

Published

2023-12-13T12:30:43Z

Modified

2025-06-20T16:44:25.169899Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Alkacon OpenCMS XSS via Mercury template

Details

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to a victim and partially take control of their browsing session.

Database specific

{
    "nvd_published_at": "2023-12-13T11:15:07Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed_at": "2025-06-20T16:04:52Z",
    "github_reviewed": true,
    "severity": "MODERATE"
}

References

Affected packages

Maven / org.opencms:opencms-core

Package

Name: org.opencms:opencms-core; View open source insights on deps.dev
Purl: pkg:maven/org.opencms/opencms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14.0.0

Fixed

16.0.0

Affected versions

14.*

14.0

15.*

15.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-w62v-q77r-66cc/GHSA-w62v-q77r-66cc.json"