CVE-2023-25365

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions October CMS version 3.2.0

Description A Cross Site Scripting issue allows a local attacker to execute arbitrary code via the file type .mp3.

Recommendations For October CMS version 3.2.0, update to a version that fixes this issue to prevent exploitation. As a temporary workaround, consider restricting the upload of .mp3 files to minimize the risk of exploitation.

Exploit

Fix

XSS

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-434

Related Identifiers

CVE-2023-25365

GHSA-GCGJ-QH8P-57HM

Affected Products

October Cms

CVE-2023-25365

Weakness Enumeration

Related Identifiers

Affected Products

References · 8