4 matches found
October System module has an Open Redirect for Administrator Accounts
Impact This advisory affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an open redirect outside the scope of the active host. This...
October System module has a Reflected XSS via X-October-Request-Handler Header
Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy...
VulnCheck KEV: CVE-2021-32648
In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request...
Octobercms 安全漏洞
Octobercms is a Php-based Cms website builder from the US company Octobercms. A security vulnerability exists in octobercms october, which originates in an affected version of the october/system package, where an attacker can request a reset of an account password and then use a specially crafted...