Description

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.

INFO

Published Date :

2024-10-02T00:00:00.000Z

Last Modified :

2024-10-02T20:35:08.391Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45962 vulnerability.

Vendors Products
Octobercms
  • October
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45962.

URL Resource
https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact