OctobercmsCVEs & Vulnerabilities
51 CVEs affecting Octobercms products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
51 CVEs→ All vendors
Most Affected Products
october 53debugbar 1
CVE-2017-1000119HIGHpoc
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
5 Oct 2017
7.2
CVSS
CVE-2015-5613MEDIUM
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612.
28 Sep 2017
5.4
CVSS
CVE-2015-5612MEDIUM
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.
4 Sep 2015
4.3
CVSS