3 matches found
CVE-2020-11083
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users...
CVE-2020-11083
CVE-2020-11083 is a stored XSS vulnerability in October CMS: versions prior to 1.0.466 (and affected RainLab.Blog prior to 1.4.1) allow a user with access to a markdown FormWidget that stores data persistently to inject HTML/JS for themselves and other users who view the generated HTML. The issue...
CVE-2020-11083 Stored XSS in October
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users...