Lucene search
GoogleOSV:CVE-2020-5298HistoryJun 03, 2020 - 10:15 p.m.
CVE-2020-5298
2020-06-0322:15:11
Google
osv.dev
3
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466).
Related
cve
cve
CVE-2020-5298
2020-06-03 22:15:11
veracode
veracode
Cross-Site Scripting (XSS)
2020-06-04 08:12:55
nvd
nvd
CVE-2020-5298
2020-06-03 22:15:11
osv
osv
Reflected XSS when importing CSV in OctoberCMS
2020-06-03 21:58:32
cvelist
cvelist
CVE-2020-5298 Reflected XSS when importing CSV in OctoberCMS
2020-06-03 21:55:12
github
github
Reflected XSS when importing CSV in OctoberCMS
2020-06-03 21:58:32
prion
prion
Design/Logic Flaw
2020-06-03 22:15:00
zdt
zdt
packetstorm
packetstorm
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
2020-08-03 00:00:00