Lucene search
GoogleOSV:CVE-2020-11083HistoryJul 14, 2020 - 9:15 p.m.
CVE-2020-11083
2020-07-1421:15:10
Google
osv.dev
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.
References
packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
seclists.org/fulldisclosure/2020/Aug/2
github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746
github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv
github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94
Related
osv
osv
Stored XSS in October
2020-08-05 14:52:44
cve
cve
CVE-2020-11083
2020-07-14 21:15:10
prion
prion
Cross site scripting
2020-07-14 21:15:00
veracode
veracode
Cross-site Scripting (XSS)
2020-07-15 03:27:32
cvelist
cvelist
CVE-2020-11083 Stored XSS in October
2020-07-14 20:55:14
nvd
nvd
CVE-2020-11083
2020-07-14 21:15:10
github
github
Stored XSS in October
2020-08-05 14:52:44
zdt
zdt
packetstorm
packetstorm
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
2020-08-03 00:00:00