Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
octobercms october vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-1000193
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
Octobercms October
6.8
CVSSv2
CVE-2017-16244
Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) due to improper validation of CSRF tokens for postback handling, allowing an malicious user to successfully take over the victim's account. The attack bypasses a protection mechanism involving X-CSRF hea...
Octobercms October 1.0.426
1 EDB exploit
3.5
CVSSv2
CVE-2017-15284
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
Octobercms October 1.0.425
1 EDB exploit
6.5
CVSSv2
CVE-2017-1000119
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
Octobercms October 1.0.412
1 EDB exploit
3.5
CVSSv2
CVE-2015-5613
Cross-site scripting (XSS) vulnerability in October CMS build 271 and previous versions allows remote malicious users to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.
Octobercms October -
4.3
CVSSv2
CVE-2015-5612
Cross-site scripting (XSS) vulnerability in October CMS build 271 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the caption tag of a profile image.
Octobercms October -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5