Lucene search

GitHub_MCVELIST:CVE-2024-25637

HistoryJun 26, 2024 - 3:55 p.m.

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

2024-06-2615:55:35

CWE-79

GitHub_M

www.cve.org

cve-2024-25637

reflected xss

x-october-request-handler

laravel php framework

cms

version 3.5.15

security patch

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

9.1%

JSON

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. This issue has been patched in version 3.5.15.

CNA Affected

[
  {
    "vendor": "octobercms",
    "product": "october",
    "versions": [
      {
        "version": ">= 3.2, < 3.5.15",
        "status": "affected"
      }
    ]
  }
]

References

github.com/octobercms/october/security/advisories/GHSA-rjw8-v7rr-r563

CVSS3

3.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-25637