ID CVE-2017-15284
Summary Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
exploit-db via4
author Ishaq Mohammed
date 2017-10-12
description OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting
file platforms/php/webapps/42978.txt
id 42978
platform php
port 0
type webapps
refmap via4
misc
Last major update 12-10-2017 - 04:29
Published 12-10-2017 - 04:29
Last modified 16-10-2017 - 21:29