Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added 2024/06/26 5:42 p.m.28 views

October System module has an Open Redirect for Administrator Accounts

Impact This advisory affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an open redirect outside the scope of the active host. This...

4.8CVSS6.7AI score0.00265EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/06/26 2:8 p.m.26 views

October System module has a Reflected XSS via X-October-Request-Handler Header

Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy...

5.4CVSS6.4AI score0.00263EPSS
Exploits0References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2022/01/18 12:0 a.m.3 views

VulnCheck KEV: CVE-2021-32648

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request...

9.1CVSS7.4AI score0.90418EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/26 12:0 a.m.6 views

Octobercms 安全漏洞

Octobercms is a Php-based Cms website builder from the US company Octobercms. A security vulnerability exists in octobercms october, which originates in an affected version of the october/system package, where an attacker can request a reset of an account password and then use a specially crafted...

9.1CVSS8.5AI score0.90418EPSS
Exploits1References4
Rows per page
Query Builder