CVE-2020-11083
Stored XSS in October
Summary
- Severity Score: -
- Exploit Likelihood: -
- Affected Versions: -
- Public Exploits: 2
- Exploited in Wild: -
- Decision: -
Descriptions
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.
October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file upload to arbitrary locations, persistent and reflected cross-site scripting, and CSV injection vulnerabilities.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2020-03-30 CVE Reserved
- 2020-07-14 CVE Published
- 2024-03-31 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- (no date) Exploited in Wild
- (no date) KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (5)
URL | Date | SRC
---|---|---
http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html | 2024-08-04 |
http://seclists.org/fulldisclosure/2020/Aug/2 | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Octobercms | October | >= 1.0.319 < 1.0.466 | - | Affected