October Security Vulnerabilities and Issues — October CVE List

Lucene search

OctobercmsOctober

3 matches found

CVE•added 2020/07/02 5:15 p.m.•61 views

CVE-2020-4061

In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.

5.4CVSS4.7AI score0.00309EPSS

CVE•added 2020/07/31 6:15 p.m.•52 views

CVE-2020-15128

In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a...

6.3CVSS6.6AI score0.00113EPSS

CVE•added 2020/07/14 9:15 p.m.•44 views

CVE-2020-11083

In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users o...

4.8CVSS4.1AI score0.00432EPSS