CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25637

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. This issue has been patched in version 3.5.15.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.7%

CVSS Severity

CVSS v3 Score 3.1

References

Products affected by CVE-2024-25637

Octobercms » October » Version: 3.2.0

cpe:2.3:a:octobercms:october:3.2.0
Octobercms » October » Version: 3.2.10

cpe:2.3:a:octobercms:october:3.2.10
Octobercms » October » Version: 3.2.11

cpe:2.3:a:octobercms:october:3.2.11
Octobercms » October » Version: 3.2.12

cpe:2.3:a:octobercms:october:3.2.12
Octobercms » October » Version: 3.2.14

cpe:2.3:a:octobercms:october:3.2.14
Octobercms » October » Version: 3.2.16

cpe:2.3:a:octobercms:october:3.2.16
Octobercms » October » Version: 3.2.17

cpe:2.3:a:octobercms:october:3.2.17
Octobercms » October » Version: 3.2.21

cpe:2.3:a:octobercms:october:3.2.21
Octobercms » October » Version: 3.2.22

cpe:2.3:a:octobercms:october:3.2.22
Octobercms » October » Version: 3.2.23

cpe:2.3:a:octobercms:october:3.2.23
Octobercms » October » Version: 3.2.7

cpe:2.3:a:octobercms:october:3.2.7
Octobercms » October » Version: 3.2.8

cpe:2.3:a:octobercms:october:3.2.8
Octobercms » October » Version: 3.3.0

cpe:2.3:a:octobercms:october:3.3.0
Octobercms » October » Version: 3.3.11

cpe:2.3:a:octobercms:october:3.3.11
Octobercms » October » Version: 3.3.12

cpe:2.3:a:octobercms:october:3.3.12
Octobercms » October » Version: 3.3.14

cpe:2.3:a:octobercms:october:3.3.14
Octobercms » October » Version: 3.3.17

cpe:2.3:a:octobercms:october:3.3.17
Octobercms » October » Version: 3.3.19

cpe:2.3:a:octobercms:october:3.3.19
Octobercms » October » Version: 3.3.20

cpe:2.3:a:octobercms:october:3.3.20
Octobercms » October » Version: 3.3.3

cpe:2.3:a:octobercms:october:3.3.3
Octobercms » October » Version: 3.3.5

cpe:2.3:a:octobercms:october:3.3.5
Octobercms » October » Version: 3.3.7

cpe:2.3:a:octobercms:october:3.3.7
Octobercms » October » Version: 3.3.8

cpe:2.3:a:octobercms:october:3.3.8
Octobercms » October » Version: 3.3.9

cpe:2.3:a:octobercms:october:3.3.9
Octobercms » October » Version: 3.4.0

cpe:2.3:a:octobercms:october:3.4.0
Octobercms » October » Version: 3.4.10

cpe:2.3:a:octobercms:october:3.4.10
Octobercms » October » Version: 3.4.11

cpe:2.3:a:octobercms:october:3.4.11
Octobercms » October » Version: 3.4.12

cpe:2.3:a:octobercms:october:3.4.12
Octobercms » October » Version: 3.4.14

cpe:2.3:a:octobercms:october:3.4.14
Octobercms » October » Version: 3.4.15

cpe:2.3:a:octobercms:october:3.4.15
Octobercms » October » Version: 3.4.16

cpe:2.3:a:octobercms:october:3.4.16
Octobercms » October » Version: 3.4.18

cpe:2.3:a:octobercms:october:3.4.18
Octobercms » October » Version: 3.4.4

cpe:2.3:a:octobercms:october:3.4.4
Octobercms » October » Version: 3.4.6

cpe:2.3:a:octobercms:october:3.4.6
Octobercms » October » Version: 3.4.8

cpe:2.3:a:octobercms:october:3.4.8
Octobercms » October » Version: 3.5.0

cpe:2.3:a:octobercms:october:3.5.0
Octobercms » October » Version: 3.5.1

cpe:2.3:a:octobercms:october:3.5.1
Octobercms » October » Version: 3.5.12

cpe:2.3:a:octobercms:october:3.5.12
Octobercms » October » Version: 3.5.13

cpe:2.3:a:octobercms:october:3.5.13
Octobercms » October » Version: 3.5.14

cpe:2.3:a:octobercms:october:3.5.14
Octobercms » October » Version: 3.5.3

cpe:2.3:a:octobercms:october:3.5.3
Octobercms » October » Version: 3.5.4

cpe:2.3:a:octobercms:october:3.5.4
Octobercms » October » Version: 3.5.5

cpe:2.3:a:octobercms:october:3.5.5
Octobercms » October » Version: 3.5.6

cpe:2.3:a:octobercms:october:3.5.6
Octobercms » October » Version: 3.5.7

cpe:2.3:a:octobercms:october:3.5.7
Octobercms » October » Version: 3.5.9

cpe:2.3:a:octobercms:october:3.5.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-25637

Products

Pricing

Contact Us