Lucene search
PRIOn knowledge basePRION:CVE-2020-5298HistoryJun 03, 2020 - 10:15 p.m.
Design/Logic Flaw
2020-06-0322:15:00
PRIOn knowledge base
www.prio-n.com
2
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466).
Related
osv
osv
Reflected XSS when importing CSV in OctoberCMS
2020-06-03 21:58:32
CVE-2020-5298
2020-06-03 22:15:11
cvelist
cvelist
CVE-2020-5298 Reflected XSS when importing CSV in OctoberCMS
2020-06-03 21:55:12
cve
cve
CVE-2020-5298
2020-06-03 22:15:11
veracode
veracode
Cross-Site Scripting (XSS)
2020-06-04 08:12:55
nvd
nvd
CVE-2020-5298
2020-06-03 22:15:11
github
github
Reflected XSS when importing CSV in OctoberCMS
2020-06-03 21:58:32
zdt
zdt
packetstorm
packetstorm
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
2020-08-03 00:00:00