CVE-2023-44383
published 2023-11-29


Priority: P428
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.41% (32.7th percentile)
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.

Affected

3 ranges
Vendor | Product | Version range | Fixed in
october | system | >= 3.0.0 < 3.5.2 | 3.5.2
octobercms | october | |
octobercms | october | >= 3.0.0 < 3.5.2 | 3.5.2