october/backend Security Advisories for v1.0.406 (7)
- [LOW] October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers (PKSA-qdcz-hc2r-sgmp, CVE-2021-21265, GHSA-xhfx-hgmf-v6vp); Affected version: <1.1.2; Reported by: GitHub
- [LOW] Stored XSS by authenticated backend user with access to upload files (PKSA-pm3b-44t6-914w, CVE-2020-15249, GHSA-fx3v-553x-3c4q); Affected version: >=1.0.319,<1.0.469; Reported by: GitHub
- [LOW] Privilege escalation by backend users assigned to the default "Publisher" system role (PKSA-n1yr-6tth-9x9n, CVE-2020-15248, GHSA-rfjc-xrmf-5vvw); Affected version: >=1.0.319,<1.0.470; Reported by: GitHub
- [LOW] Stored XSS in October (PKSA-kmbj-bg6g-fhxx, CVE-2020-11083, GHSA-w4pj-7p68-3vgv); Affected version: >=1.0.319,<1.0.466; Reported by: GitHub
- [LOW] Cross-site Scripting in October (PKSA-59z8-q7v9-3fbc, CVE-2020-4061, GHSA-3pc2-fm7p-q2vg); Affected version: >=1.0.319,<1.0.467; Reported by: GitHub
- [MEDIUM] Potential CSV Injection vector in OctoberCMS (PKSA-7ggp-75p3-wkx5, CVE-2020-5299, GHSA-4rhm-m2fp-hx7q); Affected version: >=1.0.319,<1.0.466; Reported by: GitHub
- [MEDIUM] Reflected XSS when importing CSV in OctoberCMS (PKSA-xzqs-3yvx-v3cy, CVE-2020-5298, GHSA-gg6x-xx78-448c); Affected version: >=1.0.319,<1.0.466; Reported by: GitHub