Lucene search

GoogleOSV:CVE-2023-25365

HistoryFeb 08, 2024 - 10:15 p.m.

CVE-2023-25365

2024-02-0822:15:08

Google

osv.dev

cve-2023-25365

cross site scripting

october cms

arbitrary code execution

file type vulnerability

software

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3

CPENameOperatorVersion
octobereq1.0.349
octobereq1.0.428
octobereq1.0.426
octobereq1.0.333
octobereq1.0.411
octobereq1.0.378
octobereq1.0.429
octobereq1.0.336
octobereq1.0.457
octobereq1.0.441

Name	Operator	Version
october	eq	1.0.349
october	eq	1.0.428
october	eq	1.0.426
october	eq	1.0.333
october	eq	1.0.411
october	eq	1.0.378
october	eq	1.0.429
october	eq	1.0.336
october	eq	1.0.457
october	eq	1.0.441

Rows per page:

1-10 of 2041

References

cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.6%

JSON

Related for OSV:CVE-2023-25365