Lucene search
K

4 matches found

NVD
NVD
added 2024/06/26 4:15 p.m.46 views

CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

5.4CVSS0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/26 3:55 p.m.26 views

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

3.1CVSS6.7AI score0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/26 3:55 p.m.45 views

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...

3.1CVSS0.00263EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/06/26 2:8 p.m.25 views

October System module has a Reflected XSS via X-October-Request-Handler Header

Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy...

5.4CVSS6.4AI score0.00263EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder