CVE-2023-42346
Deferred Deferred - Pending Action
XXE Vulnerability in Alkacon OpenCms

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: MITRE

Description
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2023-42346
EUVD
EUVD-2023-46799
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
alkacon opencms to 16 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Alkacon OpenCms versions before 16 and involves an XML External Entity (XXE) attack. It occurs when the <!DOCTYPE> declaration in an XML document refers to an external host, allowing an attacker to exploit the system by processing external entities.


How can this vulnerability impact me? :

An XXE vulnerability can allow attackers to read sensitive files, perform server-side request forgery (SSRF), or cause denial of service by exploiting the XML parser's handling of external entities. This can lead to unauthorized data access or disruption of service.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart