CVE-2020-5298

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466).
Configurations

Configuration 1

cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*

Information

Published : 2020-06-03 10:15

Updated : 2022-06-30 02:46


NVD link : CVE-2020-5298

Mitre link : CVE-2020-5298

Products Affected
No products.
CWE