Vulnerabilities > Octobercms

DATE CVE VULNERABILITY TITLE RISK
2021-05-03 CVE-2021-21264 Missing Authorization vulnerability in Octobercms October
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.
4.4
2021-03-10 CVE-2021-21265 Improper Neutralization of Http Headers for Scripting Syntax vulnerability in Octobercms October
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.
4.3
2021-02-05 CVE-2021-3311 Insufficient Session Expiration vulnerability in Octobercms October
An issue was discovered in October through build 471.
6.8
2020-11-23 CVE-2020-26231 Missing Authorization vulnerability in Octobercms October 1.0.469/1.1.0
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.
4.4
2020-11-23 CVE-2020-15249 Cross-Site Scripting vulnerability in Octobercms October
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.
network
octobercms CWE-79
3.5
2020-11-23 CVE-2020-15248 Incorrect Authorization vulnerability in Octobercms October
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.
local
low complexity
octobercms CWE-863
4.6
2020-11-23 CVE-2020-15247 Missing Authorization vulnerability in Octobercms October
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.
4.4
2020-11-23 CVE-2020-15246 Incorrect Authorization vulnerability in Octobercms October
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.
network
low complexity
octobercms CWE-863
5.0
2020-07-31 CVE-2020-15128 Reliance ON Cookies Without Validation and Integrity Checking vulnerability in Octobercms October
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to.
3.5
2020-07-14 CVE-2020-11083 Cross-Site Scripting vulnerability in Octobercms October
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field.
network
octobercms CWE-79
3.5