Vulnerabilities > Octobercms > October > 1.0.418
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-18 | CVE-2018-7198 | Cross-site Scripting vulnerability in Octobercms October October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. | 6.1 |
| 2017-11-25 | CVE-2017-16941 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a .htaccess file. | 8.8 |