CVE-2023-6380 Information

Description

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the ‘Mercury’ template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the ‘URI’ parameter.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alkacon-software-opencms