Vulnerabilities > Octobercms > October > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-24 | CVE-2022-23655 | Improper Verification of Cryptographic Signature vulnerability in Octobercms October Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. | 2.6 |
| 2020-11-23 | CVE-2020-15249 | Cross-site Scripting vulnerability in Octobercms October October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 3.5 |
| 2020-07-31 | CVE-2020-15128 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Octobercms October In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. | 3.5 |
| 2020-07-02 | CVE-2020-4061 | Cross-site Scripting vulnerability in Octobercms October In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. | 3.5 |
| 2020-06-03 | CVE-2020-5298 | Improper Neutralization of Alternate XSS Syntax vulnerability in Octobercms October In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466). | 3.5 |
| 2018-07-23 | CVE-2018-1999008 | Cross-site Scripting vulnerability in Octobercms October October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. | 3.5 |
| 2017-10-12 | CVE-2017-15284 | Cross-site Scripting vulnerability in Octobercms October 1.0.425 Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. | 3.5 |
| 2017-09-28 | CVE-2015-5613 | Cross-site Scripting vulnerability in Octobercms October Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612. | 3.5 |