Lucene search

K

5 matches found

CVE
CVE
added 2023/09/28 3:15 p.m.97 views

CVE-2023-43876

A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.

5.4CVSS5.2AI score0.00261EPSS
CVE
CVE
added 2023/07/26 9:15 p.m.49 views

CVE-2023-37692

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file.

5.4CVSS6AI score0.00271EPSS
CVE
CVE
added 2023/12/01 10:15 p.m.40 views

CVE-2023-44382

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

9.1CVSS9.5AI score0.00246EPSS
CVE
CVE
added 2023/12/01 10:15 p.m.35 views

CVE-2023-44381

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cms_pages, editor.cms_layouts, or editor.cms_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

4.9CVSS5.1AI score0.00175EPSS
CVE
CVE
added 2023/11/29 8:15 p.m.26 views

CVE-2023-44383

October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This...

5.4CVSS5.2AI score0.0093EPSS