CVE-2023-43876

Name of the Vulnerable Software and Affected Versions October CMS version 3.4.16

Description A Cross-Site Scripting (XSS) vulnerability in the installer of October CMS allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.

Recommendations For version 3.4.16, consider disabling the installer until a patch is available to prevent exploitation of the XSS vulnerability. As a temporary workaround, restrict the input for the dbhost field to minimize the risk of arbitrary web script execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.