CVE-2023-25365 — Unrestricted File Upload in October

Severity

7.8HIGHNVD

EPSS

0.0%

top 85.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedFeb 8

Latest updateFeb 9

Description

Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶Packagistoctober/october3.2.0

GHSA

October CMS Cross-site Scripting vulnerability↗2024-02-09

▶

OSV

October CMS Cross-site Scripting vulnerability↗2024-02-09

▶