2 matches found
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...
Design/Logic Flaw
An issue was discovered in the Users aka Front-end user management plugin 1.4.5 for October CMS. XSS exists in the name field...