Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-7198 — Cross-site Scripting in October

Severity

6.1MEDIUMNVD

EPSS

1.1%

top 22.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedFeb 18

Latest updateMay 13

Description

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

OSV

October CMS - RainLab Blog Plugin XSS↗2022-05-13

▶

GHSA

October CMS - RainLab Blog Plugin XSS↗2022-05-13

▶

Exploit-DB

October CMS < 1.0.431 - Cross-Site Scripting↗2018-02-19

▶