CVE-2023-42344

HIGH EXPLOITED

Alkacon OpenCms <10.5.1 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2023-42344 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.

References (2)

Core 2

Core References

Issue Tracking

https://github.com/projectdiscovery/nuclei-templates/issues/8864

https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/

Scores

CVSS v3 7.3

EPSS 0.0223

EPSS Percentile 80.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2024-04-02

CWE

CWE-611

Status published

Products (1)

org.opencms/opencms-core 0 - 10.5.1Maven

Published May 08, 2026

Tracked Since May 08, 2026