Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2020-5298 In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question. Issue has been patched in Build 466 (v1.0.466). | CVSS3: 4 | 1% Low | more than 5 years ago |
| GHSA-gg6x-xx78-448c Reflected XSS when importing CSV in OctoberCMS | CVSS3: 4 | 1% Low | more than 5 years ago |