In OctoberCMS (october/october composer package) versions from 1.0.319 and prior to 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an malicious user to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
octobercms october |