Filtered by vendor Octobercms Subscriptions
Filtered by product October Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-1000195 1 Octobercms 1 October 2024-11-21 N/A
October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server.
CVE-2017-1000194 1 Octobercms 1 October 2024-11-21 N/A
October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server.
CVE-2017-1000193 1 Octobercms 1 October 2024-11-21 N/A
October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
CVE-2017-1000119 1 Octobercms 1 October 2024-11-21 N/A
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
CVE-2015-5613 1 Octobercms 1 October 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.
CVE-2015-5612 1 Octobercms 1 October 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.
CVE-2024-45962 1 Octobercms 1 October 2024-10-04 4.7 Medium
October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.