Tag
#wordpress
October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has article posting capabilities.
October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has category-creating capabilities.
October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has blog-creating capabilities.
October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability when a user has author posting capabilities.
October CMS version 3.4.0 suffers from a persistent cross site scripting vulnerability where a user has the ability to edit the landing/about page.
OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to edit the landing/about page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a category-creating feature that stores data persistently could create a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to a blog-creating feature that stores data persistently could perform a stored XSS attack against any other users visiting the blog page. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to be an author feature could perform a stored XSS attack against any other users visiting the posts by the author. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
OctoberCMS suffers from stored cross-site scripting vulnerability when a user with the ability to create an article could perform a stored XSS attack against any other users with the ability to create an article. This can lead to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.