1.0.416

DATE	CVE	VULNERABILITY TITLE	RISK
2018-02-18	CVE-2018-7198	Cross-site Scripting vulnerability in Octobercms October October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. network octobercms CWE-79	4.3
2017-11-25	CVE-2017-16941	Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. network low complexity octobercms CWE-434	8.8