Cross-Site Scripting (XSS)

2020-11-2404:57:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

19.5%

JSON

october/backend is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript code in a user’s browser via a malicious SVG file upload.

CPENameOperatorVersion
october/backendle1.0.468

CPE	Name	Operator	Version
	october/backend	le	1.0.468

References

github.com/advisories/GHSA-fx3v-553x-3c4q

github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4

github.com/octobercms/october/security/advisories/GHSA-fx3v-553x-3c4q

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for VERACODE:27971