Vulnerability Details CVE-2023-44383
October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.9%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b
- https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p
- https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b
- https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p
Products affected by CVE-2023-44383
-
cpe:2.3:a:octobercms:october:3.0.0
-
cpe:2.3:a:octobercms:october:3.0.10
-
cpe:2.3:a:octobercms:october:3.0.17
-
cpe:2.3:a:octobercms:october:3.0.2
-
cpe:2.3:a:octobercms:october:3.0.22
-
cpe:2.3:a:octobercms:october:3.0.40
-
cpe:2.3:a:octobercms:october:3.0.42
-
cpe:2.3:a:octobercms:october:3.0.45
-
cpe:2.3:a:octobercms:october:3.0.46
-
cpe:2.3:a:octobercms:october:3.0.56
-
cpe:2.3:a:octobercms:october:3.0.6
-
cpe:2.3:a:octobercms:october:3.0.61
-
cpe:2.3:a:octobercms:october:3.0.62
-
cpe:2.3:a:octobercms:october:3.0.63
-
cpe:2.3:a:octobercms:october:3.0.64
-
cpe:2.3:a:octobercms:october:3.0.65
-
cpe:2.3:a:octobercms:october:3.0.66
-
cpe:2.3:a:octobercms:october:3.0.67
-
cpe:2.3:a:octobercms:october:3.0.69
-
cpe:2.3:a:octobercms:october:3.0.7
-
cpe:2.3:a:octobercms:october:3.0.70
-
cpe:2.3:a:octobercms:october:3.0.71
-
cpe:2.3:a:octobercms:october:3.0.72
-
cpe:2.3:a:octobercms:october:3.0.73
-
cpe:2.3:a:octobercms:october:3.0.74
-
cpe:2.3:a:octobercms:october:3.0.75
-
cpe:2.3:a:octobercms:october:3.0.76
-
cpe:2.3:a:octobercms:october:3.0.9
-
cpe:2.3:a:octobercms:october:3.1.0
-
cpe:2.3:a:octobercms:october:3.1.11
-
cpe:2.3:a:octobercms:october:3.1.12
-
cpe:2.3:a:octobercms:october:3.1.16
-
cpe:2.3:a:octobercms:october:3.1.19
-
cpe:2.3:a:octobercms:october:3.1.21
-
cpe:2.3:a:octobercms:october:3.1.22
-
cpe:2.3:a:octobercms:october:3.1.24
-
cpe:2.3:a:octobercms:october:3.1.25
-
cpe:2.3:a:octobercms:october:3.1.26
-
cpe:2.3:a:octobercms:october:3.1.28
-
cpe:2.3:a:octobercms:october:3.1.29
-
cpe:2.3:a:octobercms:october:3.1.4
-
cpe:2.3:a:octobercms:october:3.1.8
-
cpe:2.3:a:octobercms:october:3.1.9
-
cpe:2.3:a:octobercms:october:3.2.0
-
cpe:2.3:a:octobercms:october:3.2.10
-
cpe:2.3:a:octobercms:october:3.2.11
-
cpe:2.3:a:octobercms:october:3.2.12
-
cpe:2.3:a:octobercms:october:3.2.14
-
cpe:2.3:a:octobercms:october:3.2.16
-
cpe:2.3:a:octobercms:october:3.2.17
-
cpe:2.3:a:octobercms:october:3.2.21
-
cpe:2.3:a:octobercms:october:3.2.22
-
cpe:2.3:a:octobercms:october:3.2.23
-
cpe:2.3:a:octobercms:october:3.2.7
-
cpe:2.3:a:octobercms:october:3.2.8
-
cpe:2.3:a:octobercms:october:3.3.0
-
cpe:2.3:a:octobercms:october:3.3.11
-
cpe:2.3:a:octobercms:october:3.3.12
-
cpe:2.3:a:octobercms:october:3.3.14
-
cpe:2.3:a:octobercms:october:3.3.17
-
cpe:2.3:a:octobercms:october:3.3.19
-
cpe:2.3:a:octobercms:october:3.3.20
-
cpe:2.3:a:octobercms:october:3.3.3
-
cpe:2.3:a:octobercms:october:3.3.5
-
cpe:2.3:a:octobercms:october:3.3.7
-
cpe:2.3:a:octobercms:october:3.3.8
-
cpe:2.3:a:octobercms:october:3.3.9
-
cpe:2.3:a:octobercms:october:3.4.0
-
cpe:2.3:a:octobercms:october:3.4.10
-
cpe:2.3:a:octobercms:october:3.4.11
-
cpe:2.3:a:octobercms:october:3.4.12
-
cpe:2.3:a:octobercms:october:3.4.14
-
cpe:2.3:a:octobercms:october:3.4.15
-
cpe:2.3:a:octobercms:october:3.4.16
-
cpe:2.3:a:octobercms:october:3.4.18
-
cpe:2.3:a:octobercms:october:3.4.4
-
cpe:2.3:a:octobercms:october:3.4.6
-
cpe:2.3:a:octobercms:october:3.4.8
-
cpe:2.3:a:octobercms:october:3.5.0
-
cpe:2.3:a:octobercms:october:3.5.1