Note:
This project will be discontinued after December 13, 2021. [more]
Product:
October
(Octobercms)| Repositories |
• https://github.com/octobercms/october
• https://github.com/octobercms/library |
| #Vulnerabilities | 46 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-11-17 | CVE-2017-1000194 | October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | October | 9.8 | ||
| 2017-11-17 | CVE-2017-1000193 | October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. | October | 6.1 | ||
| 2017-10-05 | CVE-2017-1000119 | October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | October | 7.2 | ||
| 2020-07-02 | CVE-2020-4061 | In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467. | October | N/A | ||
| 2017-09-27 | CVE-2015-5613 | Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | October | 5.4 | ||
| 2015-09-04 | CVE-2015-5612 | Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image. | October | N/A |