Cross-site Scripting in OctoberPotential self-XSS when pasting content from malicious websites
CVE-2020-4061

3.7LOW

Key Information:

Vendor: October Cms
Status: October
Vendor: CVE Published:; 2 July 2020

🔔 Create October Cms Vulnerability Alert

What is CVE-2020-4061?

In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.

Affected Version(s)

October >= 1.0.319, < 1.0.467

References

https://github.com/octobercms/october/security/advisories...

x_refsource_CONFIRM

https://github.com/octobercms/october/commit/b384954a29b8...

x_refsource_MISC

https://research.securitum.com/the-curious-case-of-copy-p...

x_refsource_MISC

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2020
Vulnerability Reserved
Dec 30, 2019