CVE-2023-42346

HIGH7.5EPSS 0.08%

Alkacon OpenCms is vulnerable to XXE when the <!DOCTYPE> refers to an external host

Published: 5/8/2026Modified: 5/14/2026
Also known as:GHSA-pj6p-9p8x-5mfc

Description

Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host.

Affected packages (1)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1HIGH7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)