Lucene search
Veracode Vulnerability DatabaseVERACODE:25881HistoryJul 15, 2020 - 3:27 a.m.
Cross-site Scripting (XSS)
2020-07-1503:27:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.004 Low
EPSS
Percentile
73.4%
october/october is vulnerable to cross-site scripting (XSS). The vulnerability exists as the FormWidget markdown fields could have been used to store unsanitized input.
| CPE | Name | Operator | Version |
|---|---|---|---|
| october/october | le | 1.0.465 | |
| rainlab/blog-plugin | le | 1.4.0 | |
| october/october | le | 1.0.465 | |
| rainlab/blog-plugin | le | 1.4.0 |
References
packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html
seclists.org/fulldisclosure/2020/Aug/2
github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746
github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv
github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94
Related
cve
cve
CVE-2020-11083
2020-07-14 21:15:10
prion
prion
Cross site scripting
2020-07-14 21:15:00
osv
osv
Stored XSS in October
2020-08-05 14:52:44
CVE-2020-11083
2020-07-14 21:15:10
cvelist
cvelist
CVE-2020-11083 Stored XSS in October
2020-07-14 20:55:14
nvd
nvd
CVE-2020-11083
2020-07-14 21:15:10
github
github
Stored XSS in October
2020-08-05 14:52:44
zdt
zdt
packetstorm
packetstorm
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection
2020-08-03 00:00:00