CVE-2023-25365

Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7	Exploit Press/Media Coverage Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:octobercms:october:3.2.0:*:*:*:*:*:*:*

History

15 Feb 2024, 16:01

Type	Values Removed	Values Added
First Time		Octobercms Octobercms october
References	~~() https://cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7 -~~	() https://cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7 - Exploit, Press/Media Coverage, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-434
CPE		cpe:2.3:a:octobercms:october:3.2.0:::::::*
Summary		(es) La vulnerabilidad de Cross Site Scripting encontrada en October CMS v.3.2.0 permite a un atacante local ejecutar código arbitrario a través del tipo de archivo .mp3

08 Feb 2024, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-08 22:15

Updated : 2024-02-15 16:01

NVD link : CVE-2023-25365

Mitre link : CVE-2023-25365

CVE.ORG link : CVE-2023-25365

JSON object : View

Products Affected

octobercms

october

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

7.8 /10