CVE-2023-37692 — Cross-site Scripting in October

Severity

5.4MEDIUMNVD

EPSS

0.4%

top 41.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJul 26

Description

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

▶Packagistoctober/october3.4.4

GHSA

Stored Cross-Site Scripting October CMS↗2023-07-26

▶

OSV

Stored Cross-Site Scripting October CMS↗2023-07-26

▶