Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octobercms vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-23655
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their i...
Octobercms October
8.1
CVSSv3
CVE-2022-24800
October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user ca...
Octobercms October
7.2
CVSSv3
CVE-2021-41126
October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2...
Octobercms October
9.1
CVSSv3
CVE-2021-32648
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and...
Octobercms October
4 Github repositories
NA
CVE-2015-5612
Cross-site scripting (XSS) vulnerability in October CMS build 271 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the caption tag of a profile image.
Octobercms October -
5.4
CVSSv3
CVE-2015-5613
Cross-site scripting (XSS) vulnerability in October CMS build 271 and previous versions allows remote malicious users to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.
Octobercms October -
6.1
CVSSv3
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
Octobercms October
9.8
CVSSv3
CVE-2017-1000194
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
Octobercms October
7.5
CVSSv3
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
Octobercms October
9.8
CVSSv3
CVE-2017-1000196
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.
Octobercms October
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4956
validation
CVE-2024-35221
remote attackers
CVE-2023-30309
CVE-2024-36112
CVE-2024-23109
CVE-2023-43850
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »