October CMS Cross-Site Scripting Vulnerability (CNVD-2020-51531)

October CMS is an open source content management system CMS based on PHP and Laravel web application framework. A cross-site scripting vulnerability exists in October 1.0.319 and later versions fixed in version 1.0.467. The vulnerability stems from a lack of proper validation of client-side data ...

Design/Logic Flaw

In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467...