CVE-2020-4061

Name of the Vulnerable Software and Affected Versions October CMS versions 1.0.319 through 1.0.466

Description Pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This issue is assessed as Low, given that it can only impact users who copy and paste from malicious websites. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For versions 1.0.319 through 1.0.466, update to version 1.0.467 to resolve the issue. As a temporary workaround for versions that cannot be updated to 1.0.467, apply the patch from https://github.com/octobercms/october/commit/b384954a29b89117e1c0d6035b3ede4f46df67c5 to your installation manually.