Page 2 of 8 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2. October es Content Management System (CMS) y una plataforma web para ayudar con el flujo de trabajo de desarrollo. Un usuario con acceso al administrador de medios que almacena archivos SVG podría crear un ataque XSS almacenado contra sí mismo y contra cualquier otro usuario con acceso al administrador de medios cuando se admiten archivos SVG. • https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. Vulnerabilidad de Cross-Site Scripting (XSS) en la instalación de October v.3.4.16 permite a un atacante ejecutar scripts web arbitrarios a través de un payload manipulado inyectado en el campo dbhost. • https://github.com/sromanhu/CVE-2023-43876-October-CMS-Reflected-XSS---Installation https://github.com/sromanhu/October-CMS-Reflected-XSS---Installation/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. • https://okankurtulus.com.tr/2023/07/24/october-cms-v3-4-4-stored-cross-site-scripting-xss-authenticated • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •