0.001 Low
EPSS
Percentile
19.5%
october/backend is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript code in a user’s browser via a malicious SVG file upload.
github.com/advisories/GHSA-fx3v-553x-3c4q
github.com/octobercms/library/commit/80aab47f044a2660aa352450f55137598f362aa4
github.com/octobercms/october/security/advisories/GHSA-fx3v-553x-3c4q