23 matches found
GHSA-3P6C-9XHM-8X7H October CMS XSS
October CMS build 412 is vulnerable to stored XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
October CMS XSS
October CMS build 412 is vulnerable to stored XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI a.k.a. XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server...
Design/Logic Flaw
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server...
Cross site scripting
October CMS build 412 is vulnerable to stored WCI a.k.a. XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
Design/Logic Flaw
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...
Design/Logic Flaw
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...
CVE-2017-1000194
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server...
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI a.k.a. XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server...
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server...
CVE-2017-1000194
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server...
CVE-2017-1000196
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server...
CVE-2017-1000193
October CMS 412 is reported to be vulnerable to a stored XSS (WCI) via the brand logo image name, allowing injected JavaScript to execute in the victim’s browser. The root cause, as described in the connected materials, is a stored XSS flaw in the brand logo handling. The documents do not specify...
CVE-2017-1000194
The CVE-2017-1000194 entry concerns October CMS, specifically build 412. The vulnerability enables modification of Apache configuration through the file upload feature, which can lead to site compromise and potentially affect other applications on the same server. The description across connected...
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in the asset move functionality, allowing an attacker to delete files on the server within the constraints of file permissions. The vulnerability is triggered through the asset handling path in October CMS, with documented remediation vi...
CVE-2017-1000196
CVE-2017-1000196 affects October CMS build 412. The asset manager allows PHP code execution, leading to site compromise and potentially other applications on the server. Exploitation details and remediation are not provided in the supplied documents; no patch/version is specified here.
October CMS Cross-Site Scripting Vulnerability (CNVD-2017-37277)
OctoberCMS is a CMS system based on the Laravel PHP development framework. A cross-site scripting vulnerability exists in the brand logo image name in October CMS build 412. An attacker can exploit this vulnerability to execute JavaScript code in the victim's browser...