CVE-2017-1000193
Published 2017-11-17
CVE-2017-1000193: October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.
Priority: P425, medium; 6.1 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.00% (58.6th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| october | october | >= 0 < 1.0.413 | 1.0.413 |
| octobercms | october | <= 1.0.412 | — |
CVSS provenance
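| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |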
OSV
October CMS XSS
osv·2022-05-13
CVE-2017-1000193 [MEDIUM] October CMS XSS
October CMS build 412 is vulnerable to stored XSS in brand logo image name resulting in JavaScript code execution in the victim's browser.
GHSA
October CMS XSS
ghsa·2022-05-13
CVE-2017-1000193 [MEDIUM] CWE-79 October CMS XSS
October CMS build 412 is vulnerable to stored XSS in brand logo image name resulting in JavaScript code execution in the victim's browser.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2017-11-17