2 matches found
Cross-site Scripting (XSS)
October CMS is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the brand logo image name, allowing a malicious user to inject and execute arbitrary Javascript...
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...