october/october Security Advisories for v2.1.5 (5)
-
[LOW] October CMS Allows Unprotected SVG Rename in Media Manager
PKSA-1r2f-d74z-j32s CVE-2024-51991 GHSA-96hh-8hx5-cpw7
Affected version: <3.7.5
Reported by:
GitHub -
[LOW] October allows an admin account to upload PDF containing malicious JavaScript
PKSA-b37x-tgms-g4z2 CVE-2024-45962 GHSA-hxpp-g76m-qhvg
Affected version: <=3.6.4
Reported by:
GitHub -
[HIGH] October CMS Cross-site Scripting vulnerability
PKSA-f5gt-nmcq-d353 CVE-2023-25365 GHSA-gcgj-qh8p-57hm
Affected version: <=3.2.0
Reported by:
GitHub -
[MEDIUM] Stored Cross-Site Scripting October CMS
PKSA-mn5j-jgxn-wwt6 CVE-2023-37692 GHSA-r47v-rxcg-p28j
Affected version: <=3.4.4
Reported by:
GitHub -
[HIGH] Deleted Admin Can Sign In to Admin Interface
PKSA-y68s-zs8j-k56p CVE-2021-41126 GHSA-6gjf-7w99-j7x7
Affected version: >=2.1.0,<2.1.12
Reported by:
GitHub