Vulnerability Description
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Octobercms | October | >= 3.0.0, < 3.5.2 |
Related Weaknesses (CWE)
References
- https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1fPatch
- https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3pMitigationVendor Advisory
- https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1fPatch
- https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3pMitigationVendor Advisory
FAQ
What is CVE-2023-44383?
CVE-2023-44383 is a vulnerability with a CVSS score of 5.4 (MEDIUM). October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack agains...
How severe is CVE-2023-44383?
CVE-2023-44383 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-44383?
Check the references section above for vendor advisories and patch information. Affected products include: Octobercms October.