Vulnerabilities > Octobercms > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-03 | CVE-2021-21264 | Unspecified vulnerability in Octobercms October. October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 5.2 |
2021-03-10 | CVE-2021-21265 | Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in Octobercms October. October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.3 |
2021-02-05 | CVE-2021-3311 | Insufficient Session Expiration vulnerability in Octobercms October. An issue was discovered in October through build 471. | 6.8 |
2020-11-23 | CVE-2020-26231 | Missing Authorization vulnerability in Octobercms October 1.0.469/1.1.0. October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.4 |
2020-11-23 | CVE-2020-15248 | Improper Privilege Management vulnerability in Octobercms October. October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 4.6 |
2020-11-23 | CVE-2020-15247 | Unspecified vulnerability in Octobercms October. October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. local octobercms | 4.4 |
2020-11-23 | CVE-2020-15246 | Path Traversal vulnerability in Octobercms October. October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. | 5.0 |
2020-07-14 | CVE-2020-11083 | Cross-site Scripting vulnerability in Octobercms October. In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. | 4.8 |
2020-06-04 | CVE-2020-11094 | Information Exposure Through Log Files vulnerability in Octobercms Debugbar. The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. | 6.8 |
2020-06-03 | CVE-2020-5299 | Command Injection vulnerability in Octobercms October. In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. | 4.6 |