CVE-2023-6710

MEDIUM

mod_proxy_cluster - Stored Cross-Site Scripting via Alias Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-6710. PoCs published by Mohamed Mounir Boudjema, DedSec-47.

AI-analyzed exploit summary This exploit checks for a reflected XSS vulnerability in the 'Alias' parameter of a target URL. It modifies the parameter value to '<DedSec-47>' and checks if the response contains this value, indicating vulnerability.

Description

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.

Exploits (3)

exploitdb WORKING POC
by Mohamed Mounir Boudjema · pythonwebappsphp
https://www.exploit-db.com/exploits/52010

This exploit checks for a reflected XSS vulnerability in the 'Alias' parameter of a target URL. It modifies the parameter value to '<DedSec-47>' and checks if the response contains this value, indicating vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Unknown (likely a web application with a cluster manager interface)
No auth needed
Prerequisites: Access to the target URL path containing the 'Alias' parameter
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 2 stars
by DedSec-47 · poc
https://github.com/DedSec-47/CVE-2023-6710

The repository contains a Python script that scans for the presence of CVE-2023-6710 by checking for an 'Alias' parameter in URLs and injecting a test value. It does not demonstrate exploitation but confirms vulnerability by detecting reflected input.

Classification
Scanner 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Unknown (likely a web application with a cluster-manager endpoint)
No auth needed
Prerequisites: Access to a vulnerable web application with a cluster-manager endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec SCANNER 1 stars
by DedSec-47 · poc
https://github.com/DedSec-47/Metasploit-Exploits-CVE-2023-6710

The repository contains a Metasploit auxiliary module that scans for CVE-2023-6710, a stored XSS vulnerability in mod_cluster. It checks for the presence of the Alias parameter and attempts to inject a hardcoded value to confirm vulnerability.

Classification
Scanner 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: mod_cluster (Red Hat)
No auth needed
Prerequisites: Access to the target's Cluster Manager URL
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1317
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:1316
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:2387
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-6710
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2254128

Scores

CVSS v3 5.4
EPSS 0.0224
EPSS Percentile 80.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
modcluster/mod_proxy_cluster
redhat/enterprise_linux 9.0
Published Dec 12, 2023
Tracked Since Feb 18, 2026