PT-2015-6986 · October · October Cms

Abhi-R3V0

Published

2015-09-04

Updated

2022-05-17

CVE-2015-5612

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions October CMS versions prior to build 272

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

Recommendations For October CMS versions prior to build 272, update to build 272 or later to resolve the issue. As a temporary workaround, consider restricting the use of the caption tag in profile images until a patch is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2015-5612

GHSA-9HQ8-V2JC-QJ4R

Affected Products

October Cms

PT-2015-6986 · October · October Cms

CVE-2015-5612

Weakness Enumeration

Related Identifiers

Affected Products

References · 6