Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octobercms october vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-1000195
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
Octobercms October
9.8
CVSSv3
CVE-2017-1000197
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
Octobercms October
5.2
CVSSv3
CVE-2020-15247
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would n...
Octobercms October
9.8
CVSSv3
CVE-2021-3311
An issue exists in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.php authentication behavior but, admittedly, is only relevant if an old session ID is know...
Octobercms October
6.1
CVSSv3
CVE-2018-7198
October CMS up to and including 1.0.431 allows XSS by entering HTML on the Add Posts page.
Octobercms October
1 EDB exploit
NA
CVE-2015-5612
Cross-site scripting (XSS) vulnerability in October CMS build 271 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the caption tag of a profile image.
Octobercms October -
5.4
CVSSv3
CVE-2015-5613
Cross-site scripting (XSS) vulnerability in October CMS build 271 and previous versions allows remote malicious users to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.
Octobercms October -
7.4
CVSSv3
CVE-2021-29487
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by u...
Octobercms October
1 Github repository
5.4
CVSSv3
CVE-2020-4061
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.
Octobercms October
5.4
CVSSv3
CVE-2023-43876
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an malicious user to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
Octobercms October 3.4.16
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »