{"url":"http://public2.vulnerablecode.io/api/packages/537979?format=json","purl":"pkg:maven/org.opencms/opencms-core@12.0","type":"maven","namespace":"org.opencms","name":"opencms-core","version":"12.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"18.0","latest_non_vulnerable_version":"18.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95191?format=json","vulnerability_id":"VCID-5pgx-4g9r-zqau","summary":"Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host\nAlkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42346","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23484","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23539","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23586","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23602","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24858","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42346"},{"reference_url":"https://github.com/alkacon/opencms-core","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core"},{"reference_url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42346","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42346"},{"reference_url":"https://github.com/advisories/GHSA-pj6p-9p8x-5mfc","reference_id":"GHSA-pj6p-9p8x-5mfc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj6p-9p8x-5mfc"},{"reference_url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/","reference_id":"xxe-you-can-depend-on-me-opencms","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-11T18:47:40Z/"}],"url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109451?format=json","purl":"pkg:maven/org.opencms/opencms-core@16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ejhc-yd3z-yudb"},{"vulnerability":"VCID-ekwr-3qke-aba1"},{"vulnerability":"VCID-p3fp-gsmb-eqex"},{"vulnerability":"VCID-xznj-mbsj-vff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68172?format=json","purl":"pkg:maven/org.opencms/opencms-core@16.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@16.0.0"}],"aliases":["CVE-2023-42346","GHSA-pj6p-9p8x-5mfc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pgx-4g9r-zqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45697?format=json","vulnerability_id":"VCID-bru8-pqnw-g7c3","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nAn arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37602","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58108","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58091","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58105","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.58116","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37602"},{"reference_url":"https://github.com/alkacon/opencms-core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core"},{"reference_url":"https://www.exploit-db.com/exploits/51564","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-24T19:46:31Z/"}],"url":"https://www.exploit-db.com/exploits/51564"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37602","reference_id":"CVE-2023-37602","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37602"},{"reference_url":"https://github.com/advisories/GHSA-ghg2-3w9x-9599","reference_id":"GHSA-ghg2-3w9x-9599","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghg2-3w9x-9599"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109451?format=json","purl":"pkg:maven/org.opencms/opencms-core@16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ejhc-yd3z-yudb"},{"vulnerability":"VCID-ekwr-3qke-aba1"},{"vulnerability":"VCID-p3fp-gsmb-eqex"},{"vulnerability":"VCID-xznj-mbsj-vff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@16.0"}],"aliases":["CVE-2023-37602","GHSA-ghg2-3w9x-9599"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bru8-pqnw-g7c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57158?format=json","vulnerability_id":"VCID-ejhc-yd3z-yudb","summary":"OpenCMS Cross-Site Scripting vulnerability\nCross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42699","reference_id":"","reference_type":"","scores":[{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59742","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59761","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59767","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.5977","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59762","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-42699"},{"reference_url":"https://github.com/alkacon/opencms-core","reference_id":"","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42699","reference_id":"CVE-2024-42699","reference_type":"","scores":[{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42699"},{"reference_url":"https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-42699%20-%20Stored%20XSS%20in%20image%20title.pdf","reference_id":"CVE-2024-42699%20-%20STORED%20XSS%20IN%20IMAGE%20TITLE.PDF","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-04-21T16:03:55Z/"}],"url":"https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-42699%20-%20Stored%20XSS%20in%20image%20title.pdf"},{"reference_url":"https://github.com/advisories/GHSA-h75c-f2xx-9vxv","reference_id":"GHSA-h75c-f2xx-9vxv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h75c-f2xx-9vxv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/815734?format=json","purl":"pkg:maven/org.opencms/opencms-core@18.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@18.0"}],"aliases":["CVE-2024-42699","GHSA-h75c-f2xx-9vxv"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ejhc-yd3z-yudb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57153?format=json","vulnerability_id":"VCID-ekwr-3qke-aba1","summary":"Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability\nA stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41447","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40371","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40398","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40356","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40395","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40342","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41447"},{"reference_url":"https://github.com/alkacon/opencms-core","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core"},{"reference_url":"https://www.exploit-db.com/exploits/52209","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-18T19:25:17Z/"}],"url":"https://www.exploit-db.com/exploits/52209"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41447","reference_id":"CVE-2024-41447","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41447"},{"reference_url":"https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41447%20-%20Stored%20XSS%20in%20author%20field.pdf","reference_id":"CVE-2024-41447%20-%20STORED%20XSS%20IN%20AUTHOR%20FIELD.PDF","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41447%20-%20Stored%20XSS%20in%20author%20field.pdf"},{"reference_url":"https://github.com/advisories/GHSA-vq95-6x79-qv8j","reference_id":"GHSA-vq95-6x79-qv8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vq95-6x79-qv8j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/815734?format=json","purl":"pkg:maven/org.opencms/opencms-core@18.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@18.0"}],"aliases":["CVE-2024-41447","GHSA-vq95-6x79-qv8j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekwr-3qke-aba1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57159?format=json","vulnerability_id":"VCID-p3fp-gsmb-eqex","summary":"OpenCMS cross-site scripting (XSS) vulnerability\nA stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41446","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44373","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44412","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.4442","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44396","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44361","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41446"},{"reference_url":"https://github.com/alkacon/opencms-core","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core"},{"reference_url":"https://www.opencms.org","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.opencms.org"},{"reference_url":"http://alkacon.com","reference_id":"alkacon.com","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:54:31Z/"}],"url":"http://alkacon.com"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41446","reference_id":"CVE-2024-41446","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41446"},{"reference_url":"https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf","reference_id":"CVE-2024-41446%20-%20STORED%20XSS%20IN%20IMAGE%20COPYRIGHT%20ATTRIBUTE.PDF","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:54:31Z/"}],"url":"https://github.com/Sidd545-cr/CVE/blob/main/CVE-2024-41446%20-%20Stored%20XSS%20in%20image%20copyright%20attribute.pdf"},{"reference_url":"https://github.com/advisories/GHSA-7m3w-m5g3-cc88","reference_id":"GHSA-7m3w-m5g3-cc88","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m3w-m5g3-cc88"},{"reference_url":"http://opencms.com","reference_id":"opencms.com","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:54:31Z/"}],"url":"http://opencms.com"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/815734?format=json","purl":"pkg:maven/org.opencms/opencms-core@18.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@18.0"}],"aliases":["CVE-2024-41446","GHSA-7m3w-m5g3-cc88"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3fp-gsmb-eqex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93284?format=json","vulnerability_id":"VCID-s67w-yu9c-d7fg","summary":"Alkacon OpenCms is vulnerable to XSS via cmis-online/type\nA Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42343","reference_id":"","reference_type":"","scores":[{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41129","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41186","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41159","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00194","scoring_system":"epss","scoring_elements":"0.41191","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00211","scoring_system":"epss","scoring_elements":"0.4363","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42343"},{"reference_url":"https://github.com/alkacon/opencms-core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core"},{"reference_url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42343","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42343"},{"reference_url":"https://github.com/advisories/GHSA-8gpv-c454-3hfc","reference_id":"GHSA-8gpv-c454-3hfc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8gpv-c454-3hfc"},{"reference_url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/","reference_id":"xxe-you-can-depend-on-me-opencms","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T13:46:20Z/"}],"url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109451?format=json","purl":"pkg:maven/org.opencms/opencms-core@16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ejhc-yd3z-yudb"},{"vulnerability":"VCID-ekwr-3qke-aba1"},{"vulnerability":"VCID-p3fp-gsmb-eqex"},{"vulnerability":"VCID-xznj-mbsj-vff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68172?format=json","purl":"pkg:maven/org.opencms/opencms-core@16.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@16.0.0"}],"aliases":["CVE-2023-42343","GHSA-8gpv-c454-3hfc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s67w-yu9c-d7fg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92833?format=json","vulnerability_id":"VCID-yvej-mv6f-dyam","summary":"Alkacon OpenCms is vulnerable to XSS via updateModelGroups.jsp\nA Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42345","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22603","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.2251","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22618","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22559","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00081","scoring_system":"epss","scoring_elements":"0.23843","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42345"},{"reference_url":"https://github.com/alkacon/opencms-core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core"},{"reference_url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42345","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42345"},{"reference_url":"https://github.com/advisories/GHSA-2887-f3v6-6rjf","reference_id":"GHSA-2887-f3v6-6rjf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2887-f3v6-6rjf"},{"reference_url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/","reference_id":"xxe-you-can-depend-on-me-opencms","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-08T12:59:03Z/"}],"url":"https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109451?format=json","purl":"pkg:maven/org.opencms/opencms-core@16.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ejhc-yd3z-yudb"},{"vulnerability":"VCID-ekwr-3qke-aba1"},{"vulnerability":"VCID-p3fp-gsmb-eqex"},{"vulnerability":"VCID-xznj-mbsj-vff8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@16.0"},{"url":"http://public2.vulnerablecode.io/api/packages/68172?format=json","purl":"pkg:maven/org.opencms/opencms-core@16.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@16.0.0"}],"aliases":["CVE-2023-42345","GHSA-2887-f3v6-6rjf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yvej-mv6f-dyam"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41582?format=json","vulnerability_id":"VCID-rcfb-263c-cbgm","summary":"Improper Restriction of XML External Entity Reference\nAn XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3312","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57058","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57061","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57043","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57012","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57063","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.57071","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3312"},{"reference_url":"https://github.com/alkacon/opencms-core","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core"},{"reference_url":"https://github.com/alkacon/opencms-core/commit/92e035423aa6967822d343e54392d4291648c0ee","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core/commit/92e035423aa6967822d343e54392d4291648c0ee"},{"reference_url":"https://github.com/alkacon/opencms-core/issues/721","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core/issues/721"},{"reference_url":"https://github.com/alkacon/opencms-core/issues/725","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core/issues/725"},{"reference_url":"https://github.com/alkacon/opencms-core/releases","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alkacon/opencms-core/releases"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3312","reference_id":"CVE-2021-3312","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3312"},{"reference_url":"https://github.com/advisories/GHSA-g6v7-vqhx-6v6c","reference_id":"GHSA-g6v7-vqhx-6v6c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g6v7-vqhx-6v6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/537979?format=json","purl":"pkg:maven/org.opencms/opencms-core@12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5pgx-4g9r-zqau"},{"vulnerability":"VCID-bru8-pqnw-g7c3"},{"vulnerability":"VCID-ejhc-yd3z-yudb"},{"vulnerability":"VCID-ekwr-3qke-aba1"},{"vulnerability":"VCID-p3fp-gsmb-eqex"},{"vulnerability":"VCID-s67w-yu9c-d7fg"},{"vulnerability":"VCID-yvej-mv6f-dyam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/59254?format=json","purl":"pkg:maven/org.opencms/opencms-core@12.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@12.0.0"}],"aliases":["CVE-2021-3312","GHSA-g6v7-vqhx-6v6c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rcfb-263c-cbgm"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.opencms/opencms-core@12.0"}