68 matches found
EUVD-2020-1452
Malware in sbrugna...
EUVD-2020-1470
Malware in sbrugna...
EUVD-2021-2170
Malware in sbrugna...
EUVD-2020-1454
Malware in sbrugna...
EUVD-2022-6298
Malicious code in bioql PyPI...
EUVD-2022-0465
Malicious code in bioql PyPI...
EUVD-2024-2160
Malicious code in bioql PyPI...
EUVD-2024-2165
Malicious code in bioql PyPI...
CVE-2021-32648
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...
CVE-2021-32650
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...
CVE-2021-29487
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated...
CVE-2022-21705
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass cms.safe_mode /...
CVE-2024-25637
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-24764 October Open Redirect for Administrator Accounts
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an op...
Cross site scripting
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the backend.manage_branding permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting...
CVE-2023-37269
Winter CMS is vulnerable to a stored XSS due to unsanitized SVG uploads in the branding logo function prior to v1.2.3. The issue requires an attacker with backend.manage_branding permission (or higher) and user interaction by visiting the URL of the malicious SVG; exploitation is further constrai...
CVE-2022-35944
CVE-2022-35944 affects October CMS (Laravel-based). The flaw allows bypass of the Safe Mode (cms.safe_mode) when an attacker with admin Editor access crafts a request to inject PHP code into a CMS template. Patches exist in v2.2.34 and v3.0.66; no public exploit details are provided in the connecte...
CVE-2022-35944 October CMS Safe Mode bypass leads to authenticated RCE (Remote Code Execution)
October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...