cbcvebase.
CVE-2023-6380
published 2023-12-13

CVE-2023-6380: Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially…

PriorityP338medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
1.59%
72.7th percentile
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.

Affected

3 ranges
VendorProductVersion rangeFixed in
alkaconopen_cms
alkaconopen_cms
alkaconopencms>= 14.0.0 < 16.0.016.0.0
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.