4 matches found
October CMS < 1.0.431 - Cross-Site Scripting
Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from 1.0.431 CVE : CVE- 2018-7198 Categor...
October CMS Cross Site Scripting
Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from 1.0.431 CVE : CVE- 2018-7198 Category:...
October CMS 1.0.431 - Cross-Site Scripting
October CMS 1.0.431 - Cross-Site Scripting Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till dat...
CVE-2018-7198
CVE-2018-7198 affects October CMS up to version 1.0.431, specifically the RainLab Blog Plugin. It enables stored XSS by entering HTML on the Add Posts page, allowing a malicious payload to be stored and subsequently executed. The issue is documented across multiple sources (GHSA/OSV and exploit r...