CVE-2023-37692

描述

An svg file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code in the context of a browser via a crafted svg file. Attackers must be authenticated as users.

受影響套件(1)

• Packagist/october/octoberfrom 0, <= 3.4.4

CVSS 分數

參考連結(3)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-37692
• PATCHhttps://github.com/octobercms/october
• WEBhttps://okankurtulus.com.tr/2023/07/24/october-cms-v3-4-4-stored-cross-site-scripting-xss-authenticated