Moderate severityNVD Advisory· Published Sep 28, 2023· Updated Sep 23, 2024
CVE-2023-43876
CVE-2023-43876
Description
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
october/cmsPackagist | <= 3.4.16 | — |
Affected products
2- October/Octoberdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-2g8p-j2r6-vqpjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-43876ghsaADVISORY
- github.com/octobercms/install/commit/ef1225b5596b7c2eb5ca3aa700a23e9f8acf387bghsaWEB
- github.com/sromanhu/CVE-2023-43876-October-CMS-Reflected-XSS---Installation/issues/1ghsaWEB
- github.com/sromanhu/October-CMS-Reflected-XSS---Installation/blob/main/README.mdghsaWEB
News mentions
0No linked articles in our index yet.