146 matches found
CVE-2020-15128
CVE-2020-15128 affects OctoberCMS prior to version 1.0.468. The root cause is that encrypted cookie values were not bound to the cookie name, enabling scenarios where untrusted user input stored in a cookie could be misused as other cookies or where plaintext cookie content could be fed back for ...
CVE-2020-15128 Reliance on Cookies without validation in OctoberCMS
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code nothing exploitable in the core project itself had a...
Cross-site Scripting (XSS)
october/october is vulnerable to cross-site scripting XSS. The vulnerability exists as it does not perform sanitization on the clipboard before pasting it in a FroalaEditor...
Use of insecure jQuery version in OctoberCMS
Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches Issue has been patched in Build 466 v1.0.466 by applying the recommended patch from @jquery. Workarounds Apply...
GHSA-V73W-R9XG-7CR9 Use of insecure jQuery version in OctoberCMS
Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches Issue has been patched in Build 466 v1.0.466 by applying the recommended patch from @jquery. Workarounds Apply...
Unauthorized Local File Read
octobercms is vulnerable to unrestricted local file read. The vulnerability is possible because it does not restrict the file path to read the files under the assets directory, allowing any authenticated backend user with the cms.manageassets permission to read local files of an October CMS serve...
Cross-Site Scripting (XSS)
OctoberCMS is vulnerable to cross-site scripting XSS. The attack is possible because it does not prevent uploading of malicious CSV file by sanitizing the imported CSV column names column parameters...
Unrestricted File Upload
OctoberCMS is vulnerable to Unrestricted File Upload. It does not trim and validate the path destinationFullPath, allowing an authenticated backend user with the cms.manageassets permission to upload files such as jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md,...
CVE-2020-5295
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Issue has...
CVE-2020-5299
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...
CVE-2020-5296
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...
CVE-2020-5298
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...
CVE-2020-5296
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...
CVE-2020-5298
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the ImportExportController behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a...
CVE-2020-5297
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server...
CVE-2020-5295
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Issue has...
CVE-2020-5299
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated C...
CVE-2020-5297
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server...
Code injection
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission. Issue has...
Code injection
In OctoberCMS october/october composer package versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the cms.manageassets permission...