Vulnerability Description
In October CMS from version 1.0.319 and before version 1.0.467, pasting content copied from a malicious website into the Froala richeditor could result in a successful self-XSS attack: the HTML that the attacker's page places on the clipboard is inserted into the editor as live markup rather than as plain text. This has been fixed in 1.0.467.
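As an added illustration (not code from October CMS, Froala, or the referenced advisory), the following JavaScript shows the class of check a rich-text editor needs for this bug: the `text/html` flavour of the clipboard is attacker-controlled whenever the user copied from another site, so it must be reduced to an allowlist of inert markup before insertion. The clipboard payload below is constructed, and `sanitizePastedHtml`/`installPasteGuard` are illustrative names, not the fix October shipped.

```javascript
// Added example, not code from October CMS, Froala or the referenced advisory.
// Treats clipboard text/html as untrusted and keeps only an allowlist of inert
// markup before a rich editor inserts it. Runs headless under Node; the paste
// wiring at the bottom only activates in a browser.

const ALLOWED_TAGS = new Set([
  'p', 'br', 'b', 'strong', 'i', 'em', 'u', 'ul', 'ol', 'li',
  'a', 'h1', 'h2', 'h3', 'blockquote', 'code', 'pre',
]);
// Per-tag attribute allowlist; everything else (on*, style, srcdoc, ...) is dropped.
const ALLOWED_ATTRS = { a: new Set(['href']) };
// Allowlist of href forms; rejects javascript:, data:, vbscript: and friends.
const SAFE_URL = /^(https?:|mailto:|\/|#)/i;

// Tokenises start/end tags with a regex. Adequate for this demo; production code
// should use a parser-based sanitizer (e.g. DOMPurify), since a regex tokenizer
// can be confused by attribute values that contain '>'.
function sanitizePastedHtml(html) {
  const noActive = html
    .replace(/<!--[\s\S]*?-->/g, '')                                              // comments
    .replace(/<(script|style|iframe|object|embed)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, ''); // with bodies
  const attrRe = /([^\s=\/]+)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  return noActive.replace(/<\s*(\/?)\s*([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g,
    (_m, slash, name, attrs) => {
      const tag = name.toLowerCase();
      if (!ALLOWED_TAGS.has(tag)) return '';   // drop the tag, keep its text content
      if (slash) return `</${tag}>`;
      const allowed = ALLOWED_ATTRS[tag];
      const kept = [];
      if (allowed) {
        let a;
        while ((a = attrRe.exec(attrs)) !== null) {
          const attrName = a[1].toLowerCase();
          const value = a[2] !== undefined ? a[2] : a[3] !== undefined ? a[3] : (a[4] || '');
          if (!allowed.has(attrName)) continue;                                // onclick, style, ...
          if (attrName === 'href' && !SAFE_URL.test(value.trim())) continue;  // javascript: URLs
          kept.push(`${attrName}="${value.replace(/"/g, '&quot;')}"`);
        }
        attrRe.lastIndex = 0;
      }
      return kept.length ? `<${tag} ${kept.join(' ')}>` : `<${tag}>`;
    });
}

// Constructed sample clipboard payload: what a hostile page could hand over as
// text/html when the user copies from it (innocent-looking text plus active markup).
const SAMPLE_CLIPBOARD_HTML =
  '<p>Looks harmless</p>' +
  '<img src="x" onerror="alert(document.cookie)">' +
  '<a href="javascript:alert(1)" onclick="alert(2)">link</a>' +
  '<script>alert(3)</script>';

// Browser-side wiring (no-op under Node): intercept paste, sanitise the HTML
// flavour of the clipboard and insert the clean fragment instead of the raw one.
function installPasteGuard(editorEl) {
  editorEl.addEventListener('paste', (ev) => {
    const html = ev.clipboardData && ev.clipboardData.getData('text/html');
    if (!html) return;            // plain-text paste: nothing to sanitise
    ev.preventDefault();
    document.execCommand('insertHTML', false, sanitizePastedHtml(html));
  });
}

if (typeof document !== 'undefined') {
  const editor = document.querySelector('[contenteditable="true"]');
  if (editor) installPasteGuard(editor);
} else {
  console.log(sanitizePastedHtml(SAMPLE_CLIPBOARD_HTML)); // <p>Looks harmless</p><a>link</a>
}
```

The design point is the allowlist: an editor that only strips `<script>` still executes `onerror`/`onclick` handlers and `javascript:` links, which is why the sanitizer drops every attribute it does not explicitly know, and every href whose scheme it does not explicitly accept, rather than searching for known-bad patterns.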
CVSS Score
LOW (base score 3.7)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Octobercms | October | >= 1.0.319, < 1.0.467 |
Related Weaknesses (CWE)
References
- https://github.com/octobercms/october/commit/b384954a29b89117e1c0d6035b3ede4f46d (Patch, Third Party Advisory)
- https://github.com/octobercms/october/security/advisories/GHSA-3pc2-fm7p-q2vg (Third Party Advisory)
- https://research.securitum.com/the-curious-case-of-copy-paste/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-4061?
CVE-2020-4061 is a vulnerability with a CVSS score of 3.7 (LOW). In October CMS from version 1.0.319 and before version 1.0.467, pasting content copied from a malicious website into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.
How severe is CVE-2020-4061?
CVE-2020-4061 has been rated LOW with a CVSS base score of 3.7/10. The severity is low because this is a self-XSS: the victim must themselves copy content from the attacker's site and paste it into the editor before any script runs.
Is there a patch for CVE-2020-4061?
Yes. The issue is fixed in October CMS 1.0.467; the references section above links the vendor commit and the GitHub security advisory GHSA-3pc2-fm7p-q2vg. Affected product: Octobercms October, versions >= 1.0.319 and < 1.0.467.