Описание
Stored Cross-Site Scripting October CMS
An svg file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code in the context of a browser via a crafted svg file. Attackers must be authenticated as users.
Пакеты
Наименование
october/october
composer
Затронутые версииВерсия исправления
<= 3.4.4
Отсутствует
Связанные уязвимости
CVSS3: 5.4
nvd
больше 2 лет назад
An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file.