Cross Site Scripting Vulnerability in October CMS Media Module by October
CVE-2018-1999008

5.4 MEDIUM

Key Information:

Vendor: Octobercms

Status
Vendor
CVE Published: 3 October 2022

What is CVE-2018-1999008?

An XSS vulnerability exists in the Media module of October CMS prior to build 437. It allows authenticated users with media module permissions to create folders with arbitrary names that contain XSS payloads. This can potentially lead to malicious scripts being executed in the context of the affected application, posing a significant security risk. Build 437 addresses the flaw.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved