CVE-2018-1999008
Last modified
CVE-2018-1999008 is a vulnerability of currently unknown severity. October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
October CMS version prior to build 437 contains a Cross Site Scripting (XSS) vulnerability in the Media module and create folder functionality that can result in an Authenticated user with media module permission creating arbitrary folder name with XSS content. This attack appear to be exploitable via an Authenticated user with media module permission who can create arbitrary folder name (XSS). This vulnerability appears to have been fixed in build 437.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Octobercms | October | < 1.0.437 |
References
- https://octobercms.com/support/article/rn-10Patch, Vendor Advisory
- https://octobercms.com/support/article/rn-10Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1999008?
How severe is CVE-2018-1999008?
How do I fix CVE-2018-1999008?
Are you affected by CVE-2018-1999008?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST