Lucene search
GitHub Advisory DatabaseGHSA-9HQ8-V2JC-QJ4RHistoryMay 17, 2022 - 4:08 a.m.
October CMS XSS In Caption Tag of Profile
2022-05-1704:08:19
CWE-79
GitHub Advisory Database
github.com
3
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.3%
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.
Affected configurations
Node
octoberoctoberRange<1.0.319
| CPE | Name | Operator | Version |
|---|---|---|---|
| october/october | lt | 1.0.319 |
References
Related
osv
osv
October CMS XSS In Caption Tag of Profile
2022-05-17 04:08:19
prion
prion
Cross site scripting
2015-09-04 15:59:00
Cross site scripting
2017-09-28 01:29:00
nvd
nvd
CVE-2015-5612
2015-09-04 15:59:01
CVE-2015-5613
2017-09-28 01:29:00
cve
cve
CVE-2015-5612
2015-09-04 15:59:01
CVE-2015-5613
2017-09-28 01:29:00
cvelist
cvelist
CVE-2015-5612
2015-09-04 15:00:00
CVE-2015-5613
2017-09-27 17:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
60.3%
Related for GHSA-9HQ8-V2JC-QJ4R