Vulnerabilities > Octobercms > October > 1.0.147
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-13 | CVE-2022-35944 | Code Injection vulnerability in Octobercms October October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. | 7.2 |
| 2022-07-12 | CVE-2022-24800 | Race Condition vulnerability in Octobercms October October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. | 6.8 |
| 2022-02-24 | CVE-2022-23655 | Improper Verification of Cryptographic Signature vulnerability in Octobercms October Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. | 2.6 |
| 2022-02-23 | CVE-2022-21705 | Unspecified vulnerability in Octobercms October Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. | 7.2 |
| 2022-01-14 | CVE-2021-32649 | Code Injection vulnerability in Octobercms October October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. | 6.5 |
| 2021-05-03 | CVE-2021-21264 | Unspecified vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 5.2 |
| 2021-03-10 | CVE-2021-21265 | Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.3 |
| 2021-02-05 | CVE-2021-3311 | Insufficient Session Expiration vulnerability in Octobercms October An issue was discovered in October through build 471. | 6.8 |
| 2020-07-31 | CVE-2020-15128 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Octobercms October In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. | 3.5 |
| 2018-07-23 | CVE-2018-1999008 | Cross-site Scripting vulnerability in Octobercms October October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. | 3.5 |