Vulnerabilities > Octobercms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-03 | CVE-2021-21264 | Missing Authorization vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.4 |
| 2021-03-10 | CVE-2021-21265 | Improper Neutralization of Http Headers for Scripting Syntax vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.3 |
| 2021-02-05 | CVE-2021-3311 | Insufficient Session Expiration vulnerability in Octobercms October An issue was discovered in October through build 471. | 6.8 |
| 2020-11-23 | CVE-2020-26231 | Missing Authorization vulnerability in Octobercms October 1.0.469/1.1.0 October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.4 |
| 2020-11-23 | CVE-2020-15249 | Cross-Site Scripting vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 3.5 |
| 2020-11-23 | CVE-2020-15248 | Incorrect Authorization vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.6 |
| 2020-11-23 | CVE-2020-15247 | Missing Authorization vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.4 |
| 2020-11-23 | CVE-2020-15246 | Incorrect Authorization vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 5.0 |
| 2020-07-31 | CVE-2020-15128 | Reliance ON Cookies Without Validation and Integrity Checking vulnerability in Octobercms October In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. | 3.5 |
| 2020-07-14 | CVE-2020-11083 | Cross-Site Scripting vulnerability in Octobercms October In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. | 3.5 |