Users can execute code without authentication. An attacker can send malicious requests to the OpenCms server. When the requests succeed, the vulnerable OpenCms instance can be exploited, resulting in an unauthenticated XXE vulnerability. Based on research, OpenCms versions from 9.0.0 to 10.5.0 are vulnerable.
View the template here: CVE-2023-42344.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-42344