3 matches found
CVE-2024-25637
CVE-2024-25637 affects October CMS (Laravel-based). The X-October-Request-Handler header can reflect unescaped HTML, enabling a reflected XSS scenario. Affected versions are prior to 3.5.15; patch released in 3.5.15. Practical exploitation is described as requiring proxy interception (not externa...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...