VYPR

October

by Octobercms

Source repositories

CVEs (50)

  • CVE-2024-25837Aug 16, 2024
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments section.

  • CVE-2024-25637Jun 26, 2024
    risk 0.00cvss epss 0.00

    October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal…

  • CVE-2024-24764Jun 26, 2024
    risk 0.00cvss epss 0.00

    October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links,…

  • CVE-2023-44381Dec 1, 2023
    risk 0.00cvss epss 0.01

    October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be…

  • CVE-2023-44382Dec 1, 2023
    risk 0.00cvss epss 0.01

    October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to provide PHP code to be…

  • CVE-2023-44383Nov 29, 2023
    risk 0.00cvss epss 0.00

    October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files…

  • CVE-2022-35944Oct 13, 2022
    risk 0.00cvss epss 0.01

    October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has…

  • CVE-2022-24800Jul 12, 2022
    risk 0.00cvss epss 0.01

    October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user…

  • CVE-2022-23655Feb 23, 2022
    risk 0.00cvss epss 0.01

    Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their…

  • CVE-2022-21705Feb 23, 2022
    risk 0.00cvss epss 0.09

    Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to…

  • CVE-2021-32649Jan 14, 2022
    risk 0.00cvss epss 0.01

    October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially…

  • CVE-2021-32650Jan 14, 2022
    risk 0.00cvss epss 0.02

    October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode…

  • CVE-2021-41126Oct 6, 2021
    risk 0.00cvss epss 0.01

    October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in…

  • CVE-2021-29487Aug 26, 2021
    risk 0.00cvss epss 0.01

    octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by…

  • CVE-2021-21264May 3, 2021
    risk 0.00cvss epss 0.00

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the…

  • CVE-2021-21265Mar 10, 2021
    risk 0.00cvss epss 0.02

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential…

  • CVE-2020-26231Nov 23, 2020
    risk 0.00cvss epss 0.00

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-15247 (fixed in 1.0.469 and 1.1.0) was discovered that has the same impact as CVE-2020-15247. An authenticated backend user with the cms.manage_pages,…

  • CVE-2020-15249Nov 23, 2020
    risk 0.00cvss epss 0.00

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files without any sanitization applied to the…

  • CVE-2020-15248Nov 23, 2020
    risk 0.00cvss epss 0.00

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which…

  • CVE-2020-15247Nov 23, 2020
    risk 0.00cvss epss 0.00

    October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, an authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would…