october/october is vulnerable to cross-site scripting (XSS). The vulnerability exists because the FormWidget markdown fields could be used to store unsanitized input.
Name | Operator | Version |
---|---|---|
october/october | le | 1.0.465 |
rainlab/blog-plugin | le | 1.4.0 |
packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
seclists.org/fulldisclosure/2020/Aug/2
github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746
github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv
github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94