october/backend
Packagist7 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting october/backendpage 1 of 1
- CVE-2020-11083LOWCVSS 3.5EG 3.5✓ Fixed in 1.0.4662020-07-14
vulnerable: v1.0.319 ... v1.0.465 (147 versions)
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML…
- CVE-2020-15248MEDIUMCVSS 4.0EG 4.0✓ Fixed in 1.0.4702020-11-23
vulnerable: v1.0.319 ... v1.0.469 (151 versions)
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & man…
- CVE-2020-15249LOWCVSS 2.8EG 2.8✓ Fixed in 1.0.4692020-11-23
vulnerable: v1.0.319 ... v1.0.468 (150 versions)
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.469, backend users with access to upload files were permitted to upload SVG files witho…
- CVE-2020-4061LOWCVSS 3.7EG 3.7✓ Fixed in 1.0.4672020-07-02
vulnerable: v1.0.319 ... v1.0.466 (148 versions)
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.
- CVE-2020-5298MEDIUMCVSS 4.0EG 4.0✓ Fixed in 1.0.4662020-06-03
vulnerable: v1.0.319 ... v1.0.465 (147 versions)
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload…
- CVE-2020-5299MEDIUMCVSS 4.0EG 4.0✓ Fixed in 1.0.4662020-06-03
vulnerable: v1.0.319 ... v1.0.465 (147 versions)
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially in…
- CVE-2021-21265MEDIUMCVSS 6.8EG 6.8✓ Fixed in 1.1.22021-03-10
vulnerable: v1.0.319 ... v1.1.1 (160 versions)
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October before version 1.1.2, when running on poorly configured servers (i.e. the server routes any request, regardless of the HOST header to a…
Check whether october/backend is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for october/backend CVEs against the assets you own.
Start Free Scan →