CVE-2020-4061

Опубликовано: 02 июл. 2020

Источник: nvd

CVSS3: 3.7

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.

Ссылки

https://github.com/octobercms/october/commit/b384954a29b89117e1c0d6035b3ede4f46df67c5
Patch
Third Party Advisory
https://github.com/octobercms/october/security/advisories/GHSA-3pc2-fm7p-q2vg
Third Party Advisory
https://research.securitum.com/the-curious-case-of-copy-paste/
Exploit
Third Party Advisory
https://github.com/octobercms/october/commit/b384954a29b89117e1c0d6035b3ede4f46df67c5
Patch
Third Party Advisory
https://github.com/octobercms/october/security/advisories/GHSA-3pc2-fm7p-q2vg
Third Party Advisory
https://research.securitum.com/the-curious-case-of-copy-paste/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*

Версия от 1.0.319 (включая) до 1.0.467 (исключая)

EPSS

Процентиль: 54%

0.00309

Низкий

3.7 Low

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3pc2-fm7p-q2vg

CVSS3: 3.7

github

больше 5 лет назад

Cross-site Scripting in October

EPSS

Процентиль: 54%

0.00309

Низкий

3.7 Low

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79