CVE-2018-1999008

October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...

Cross site scripting

October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...

CVE-2018-1999008

October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...

CVE-2018-1999008

October CMS: A Cross-Site Scripting (XSS) vulnerability in the Media module and Create Folder feature allows an authenticated user with media module permission to create folder names containing XSS content. The issue affects builds prior to 437 and is fixed in build 437. Documented as exploitable...

CVE-2018-1999008

October CMS version prior to build 437 contains a Cross Site Scripting XSS vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable...

Opencast player and media module script injection vulnerability

Opencast is an open source video management solution . player is one of the video player ; media module is one of the multimedia module . A script injection vulnerability exists in the player and media modules in Opencast 2.3.2 and earlier versions. An attacker can exploit this vulnerability to...

Code injection

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0...

CVE-2017-1000217

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0...

CVE-2017-1000217

Opencast 2.3.2 and older versions are vulnerable to script injections through media and metadata in the player and media module resulting in arbitrary code execution, fixed in 2.3.3 and 3.0...

CVE-2017-1000217

CVE-2017-1000217 concerns Opencast 2.3.2 and earlier, where the player and media modules are vulnerable to script injection through media/metadata, leading to arbitrary code execution. The issue is described across multiple sources and is fixed in version 2.3.3 and the major release 3.0 . The vul...

Media - Moderately Critical - Multiple vulnerabilities - SA-CONTRIB-2017-044

This module provides intuitive ways to manage large libraries of media, insert or display or import various types of media either through fields or a wysiwyg interface. Versions of this module prior to 7.x-2.1 or 7.x-3.0-alpha5 did not sufficiently whitelist input parameters for the media browser...

Media - Critical - 1.x branch unsupported - SA-CONTRIB-2017-042

The Media module provides an extensible framework for managing files and multimedia assets, regardless of whether they are hosted on your own site or a 3rd party site - it is commonly referred to as a 'file browser to the internet'. Versions affected Only the 1.x branch is affected. Version 2.0...