VYPR
Moderate severityNVD Advisory· Published Nov 29, 2023· Updated Jun 5, 2025

October CMS stored XSS by authenticated backend user with improper configuration

CVE-2023-44383

Description

October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
october/systemPackagist
>= 3.0.0, < 3.5.23.5.2

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.