๐ CVE-2020-5298
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: web.nvd.nist.gov
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question Issue has been patched in Build 466 (v1.0.466). ...