Lucene search

[email protected]CVE-2015-5612

HistorySep 04, 2015 - 3:59 p.m.

CVE-2015-5612

2015-09-0415:59:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-5612

xss vulnerability

october cms

web script injection

html injection

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.3%

JSON

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

Affected configurations

NVD

Node

octobercmsoctoberMatch-

CPENameOperatorVersion
octobercms:octoberoctobercms octobereq-

CPE	Name	Operator	Version
octobercms:october	octobercms october	eq	-

References

www.openwall.com/lists/oss-security/2015/07/21/5

www.openwall.com/lists/oss-security/2015/07/22/3

github.com/octobercms/october/commit/8a4ac533e5cd6b8f92e9ef19fbfbb2f505dc7a9a

github.com/octobercms/october/issues/1302

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

60.3%

JSON

Related for CVE-2015-5612

github1 prion2 osv1 nvd2 cvelist2 cve1