CVE-2020-11083 (GCVE-0-2020-11083)
Vulnerability from cvelistv5 – Published: 2020-07-14 20:55 – Updated: 2024-08-04 11:21
VLAI?
Summary
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.
Severity ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| October CMS | October |
Affected:
>= 1.0.319, < 1.0.466
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "October",
"vendor": "October CMS",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.319, \u003c 1.0.466"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T11:06:07",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
],
"source": {
"advisory": "GHSA-w4pj-7p68-3vgv",
"discovery": "UNKNOWN"
},
"title": "Stored XSS in October",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11083",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in October"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.0.319, \u003c 1.0.466"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv",
"refsource": "CONFIRM",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv"
},
{
"name": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746",
"refsource": "MISC",
"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746"
},
{
"name": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94",
"refsource": "MISC",
"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94"
},
{
"name": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
]
},
"source": {
"advisory": "GHSA-w4pj-7p68-3vgv",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11083",
"datePublished": "2020-07-14T20:55:14",
"dateReserved": "2020-03-30T00:00:00",
"dateUpdated": "2024-08-04T11:21:14.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.319\", \"versionEndExcluding\": \"1.0.466\", \"matchCriteriaId\": \"E3FE9FB6-7669-4FDA-8099-2953B2E0B15C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.\"}, {\"lang\": \"es\", \"value\": \"En octubre, desde versi\\u00f3n 1.0.319 y anterior a versi\\u00f3n 1.0.466, un usuario con acceso a un FormWidget de descuento que almacena datos persistentemente podr\\u00eda crear un ataque de tipo XSS almacenado contra s\\u00ed mismo y cualquier otro usuario con acceso al HTML generado desde el campo. Esto se ha corregido en 1.0.466. Para los usuarios del plugin RainLab.Blog, esto tambi\\u00e9n se ha corregido en 1.4.1\"}]",
"id": "CVE-2020-11083",
"lastModified": "2024-11-21T04:56:45.133",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 3.5, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 2.5}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.7, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-07-14T21:15:10.607",
"references": "[{\"url\": \"http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Aug/2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2020/Aug/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11083\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-07-14T21:15:10.607\",\"lastModified\":\"2024-11-21T04:56:45.133\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.\"},{\"lang\":\"es\",\"value\":\"En octubre, desde versi\u00f3n 1.0.319 y anterior a versi\u00f3n 1.0.466, un usuario con acceso a un FormWidget de descuento que almacena datos persistentemente podr\u00eda crear un ataque de tipo XSS almacenado contra s\u00ed mismo y cualquier otro usuario con acceso al HTML generado desde el campo. Esto se ha corregido en 1.0.466. Para los usuarios del plugin RainLab.Blog, esto tambi\u00e9n se ha corregido en 1.4.1\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":3.5,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.9,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.319\",\"versionEndExcluding\":\"1.0.466\",\"matchCriteriaId\":\"E3FE9FB6-7669-4FDA-8099-2953B2E0B15C\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Aug/2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Aug/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
GSD-2020-11083
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-11083",
"description": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.",
"id": "GSD-2020-11083",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2020-11083"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-11083"
],
"details": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.",
"id": "GSD-2020-11083",
"modified": "2023-12-13T01:22:06.435169Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11083",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in October"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "October",
"version": {
"version_data": [
{
"version_value": "\u003e= 1.0.319, \u003c 1.0.466"
}
]
}
}
]
},
"vendor_name": "October CMS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv",
"refsource": "CONFIRM",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv"
},
{
"name": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746",
"refsource": "MISC",
"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746"
},
{
"name": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94",
"refsource": "MISC",
"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94"
},
{
"name": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
]
},
"source": {
"advisory": "GHSA-w4pj-7p68-3vgv",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=1.0.319,\u003c1.0.466",
"affected_versions": "All versions starting from 1.0.319 before 1.0.466",
"cvss_v2": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-79",
"CWE-937"
],
"date": "2021-03-04",
"description": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.",
"fixed_versions": [
"1.0.466"
],
"identifier": "CVE-2020-11083",
"identifiers": [
"GHSA-w4pj-7p68-3vgv",
"CVE-2020-11083"
],
"not_impacted": "All versions before 1.0.319, all versions starting from 1.0.466",
"package_slug": "packagist/october/backend",
"pubdate": "2020-08-05",
"solution": "Upgrade to version 1.0.466 or above.",
"title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"urls": [
"https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv",
"https://nvd.nist.gov/vuln/detail/CVE-2020-11083",
"https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746",
"https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94",
"http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html",
"http://seclists.org/fulldisclosure/2020/Aug/2",
"https://github.com/advisories/GHSA-w4pj-7p68-3vgv"
],
"uuid": "fdd022b2-1acf-41e7-8191-bd0f5d76abe8"
},
{
"affected_range": "\u003e=1.0.319,\u003c1.0.466",
"affected_versions": "All versions starting from 1.0.319 before 1.0.466",
"cvss_v2": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2020-08-04",
"description": "In OctoberCMS, a user with access to a markdown `FormWidget` that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field.",
"fixed_versions": [
"1.0.466"
],
"identifier": "CVE-2020-11083",
"identifiers": [
"CVE-2020-11083",
"GHSA-w4pj-7p68-3vgv"
],
"not_impacted": "All versions before 1.0.319, all versions starting from 1.0.466",
"package_slug": "packagist/october/october",
"pubdate": "2020-07-14",
"solution": "Upgrade to version 1.0.466 or above.",
"title": "Cross-site Scripting",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-11083"
],
"uuid": "2348c1bd-22da-4912-877c-b02c331b5cd6"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.0.466",
"versionStartIncluding": "1.0.319",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11083"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94"
},
{
"name": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746"
},
{
"name": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv"
},
{
"name": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
"refsource": "FULLDISC",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
},
"lastModifiedDate": "2023-01-28T01:49Z",
"publishedDate": "2020-07-14T21:15Z"
}
}
}
GHSA-W4PJ-7P68-3VGV
Vulnerability from github – Published: 2020-08-05 14:52 – Updated: 2023-01-31 01:29
VLAI?
Summary
Stored XSS in October
Details
Impact
A user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field.
Patches
Issue has been patched in Build 466 (v1.0.466) & RainLab.Blog v1.4.1 by restricting the ability to store JS in markdown to only users that have been explicitly granted the backend.allow_unsafe_markdown permission.
Workarounds
Apply https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746 & https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94 to your installation manually if unable to upgrade to Build 466 or v1.4.1 of RainLab.Blog (if using that plugin).
References
Reported by Sivanesh Ashok
For more information
If you have any questions or comments about this advisory: * Email us at hello@octobercms.com
Threat assessment:
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "october/backend"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.319"
},
{
"fixed": "1.0.466"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-11083"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-07-28T19:36:22Z",
"nvd_published_at": "2020-07-14T21:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nA user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field.\n\n### Patches\nIssue has been patched in Build 466 (v1.0.466) \u0026 RainLab.Blog v1.4.1 by restricting the ability to store JS in markdown to only users that have been explicitly granted the `backend.allow_unsafe_markdown` permission.\n\n### Workarounds\nApply https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746 \u0026 https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94 to your installation manually if unable to upgrade to Build 466 or v1.4.1 of RainLab.Blog (if using that plugin).\n\n### References\nReported by [Sivanesh Ashok](https://stazot.com/)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [hello@octobercms.com](mailto:hello@octobercms.com)\n\n### Threat assessment:\n\u003cimg width=\"1100\" alt=\"Screen Shot 2020-03-31 at 2 01 52 PM\" src=\"https://user-images.githubusercontent.com/7253840/78070158-8f7ef580-7358-11ea-950c-226533f6a0a3.png\"\u003e",
"id": "GHSA-w4pj-7p68-3vgv",
"modified": "2023-01-31T01:29:13Z",
"published": "2020-08-05T14:52:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11083"
},
{
"type": "WEB",
"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746"
},
{
"type": "WEB",
"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Stored XSS in October"
}
CNVD-2020-43155
Vulnerability from cnvd - Published: 2020-07-30
VLAI Severity ?
Title
October CMS跨站脚本漏洞(CNVD-2020-43155)
Description
October CMS是一套基于PHP和Laravel Web应用程序框架的开源内容管理系统(CMS)。
October CMS 1.0.319之前版本和1.0.466之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Severity
低
Patch Name
October CMS跨站脚本漏洞(CNVD-2020-43155)的补丁
Patch Description
October CMS是一套基于PHP和Laravel Web应用程序框架的开源内容管理系统(CMS)。
October CMS 1.0.319之前版本和1.0.466之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-11083
Impacted products
| Name | ['October CMS October CMS <1.0.319', 'October CMS October CMS <1.0.466'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-11083",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-11083"
}
},
"description": "October CMS\u662f\u4e00\u5957\u57fa\u4e8ePHP\u548cLaravel Web\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\n\nOctober CMS 1.0.319\u4e4b\u524d\u7248\u672c\u548c1.0.466\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-43155",
"openTime": "2020-07-30",
"patchDescription": "October CMS\u662f\u4e00\u5957\u57fa\u4e8ePHP\u548cLaravel Web\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nOctober CMS 1.0.319\u4e4b\u524d\u7248\u672c\u548c1.0.466\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "October CMS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-43155\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"October CMS October CMS \u003c1.0.319",
"October CMS October CMS \u003c1.0.466"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11083",
"serverity": "\u4f4e",
"submitTime": "2020-07-29",
"title": "October CMS\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2020-43155\uff09"
}
FKIE_CVE-2020-11083
Vulnerability from fkie_nvd - Published: 2020-07-14 21:15 - Updated: 2024-11-21 04:56
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| octobercms | october | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FE9FB6-7669-4FDA-8099-2953B2E0B15C",
"versionEndExcluding": "1.0.466",
"versionStartIncluding": "1.0.319",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. This has been fixed in 1.0.466. For users of the RainLab.Blog plugin, this has also been fixed in 1.4.1."
},
{
"lang": "es",
"value": "En octubre, desde versi\u00f3n 1.0.319 y anterior a versi\u00f3n 1.0.466, un usuario con acceso a un FormWidget de descuento que almacena datos persistentemente podr\u00eda crear un ataque de tipo XSS almacenado contra s\u00ed mismo y cualquier otro usuario con acceso al HTML generado desde el campo. Esto se ha corregido en 1.0.466. Para los usuarios del plugin RainLab.Blog, esto tambi\u00e9n se ha corregido en 1.4.1"
}
],
"id": "CVE-2020-11083",
"lastModified": "2024-11-21T04:56:45.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-14T21:15:10.607",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2020/Aug/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/octobercms/october/commit/9ecfb4867baae14a0d3f99f5b5c1e8a979ae8746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/octobercms/october/security/advisories/GHSA-w4pj-7p68-3vgv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/rainlab/blog-plugin/commit/6ae19a6e16ef3ba730692bc899851342c858bb94"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…