CVE-2023-6380

Name of the Vulnerable Software and Affected Versions Open CMS versions 14 through 15 of the 'Mercury' template

Description An open redirect vulnerability has been found in the Open CMS product. This issue allows an attacker to create a specially crafted URL and send it to a specific user, redirecting them to a malicious site and potentially compromising them. The exploitation of this vulnerability is possible due to the lack of proper sanitization of the URI parameter.

Recommendations For versions 14 and 15 of the 'Mercury' template, consider disabling the functionality that uses the URI parameter until a patch is available. Restrict access to the affected 'Mercury' template to minimize the risk of exploitation. Avoid using the URI parameter in affected URLs until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.