3 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612...
CVE-2015-5612
Cross-site scripting XSS vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image...
CVE-2015-5612
Affected software: October CMS (build 271 and earlier). Vulnerability: cross-site scripting (XSS) via the caption tag of a profile image. Root cause: improper handling of caption tag leads to script/HTML injection. Impact: remote attacker can inject arbitrary script/HTML. Exploitation details are...