← All advisories

High severityNVD Advisory· Published Feb 8, 2024· Updated Jun 17, 2025

CVE-2023-25365

CVE-2023-25365

Description

Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
october/octoberPackagist	<= 3.2.0	—

Affected products

2

October/CMSdescription
ghsa-coords
pkg:composer/october/october
Range: <= 3.2.0

Patches

Vulnerability mechanics

References

3

github.com/advisories/GHSA-gcgj-qh8p-57hmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-25365ghsaADVISORY
cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7ghsaWEB

News mentions

0

No linked articles in our index yet.