cbcvebase.
CVE-2024-45962
published 2024-10-02

CVE-2024-45962: October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed…

PriorityP420medium4.7CVSS 3.1
AVNACLPRNUIRSCCNILAN
EPSS
0.47%
37.0th percentile
October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.

Affected

2 ranges
VendorProductVersion rangeFixed in
octoberoctober0 – 3.6.4
octobercmsoctober
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.