Vulnerabilities > Octobercms > October > 1.0.436

DATE CVE VULNERABILITY TITLE RISK
2018-07-23 CVE-2018-1999008 Cross-site Scripting vulnerability in Octobercms October
October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content.
network
low complexity
octobercms CWE-79
5.4
5.4