CVE-2023-42343
Published 2026-05-08
CVE-2023-42343: A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.
Priority P338 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.59% (43.8th percentile)
GHSA
GHSA-8gpv-c454-3hfc: A Cross Site Scripting vulnerability in Alkacon OpenCms before 10
ghsa_unreviewed · 2026-05-08
CVE-2023-42343 [MEDIUM] CWE-79 GHSA-8gpv-c454-3hfc: A Cross Site Scripting vulnerability in Alkacon OpenCms before 10
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.
GHSA
Alkacon OpenCms is vulnerable to XSS via cmis-online/type
ghsa · 2026-05-08
CVE-2023-42343 [MEDIUM] CWE-79 Alkacon OpenCms is vulnerable to XSS via cmis-online/type
A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.
No detection rules found.
Nuclei
OpenCMS - Cross-Site Scripting
nuclei
CVE-2023-42343 OpenCMS - Cross-Site Scripting
OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
Template:
id: CVE-2023-42343

info:
  name: OpenCMS - Cross-Site Scripting
  author: DhiyaneshDK
  severity: medium
  description: |
    OpenCMS below 10.5.1 is vulnerable to Cross-Site Scripting vulnerability.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript through the id parameter in CMIS endpoints to steal user session cookies and execute attacks against OpenCMS users.
  remediation: Fixed in 10.5.1.
  reference:
    - https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
  classification:
    cve-id: CVE-2023-42343
  metadata:
    verified: true
    max-request: 1
    shodan-query:
      - "/opencms/"
      - http.title:"opencms"
      - cpe:"cpe:2.3:a:alkacon:opencms"
    product: opencms
    vendor: alkacon
    fofa-que
Published: 2026-05-08