Stored XSS Vulnerability in October CMS Media Manager

Stored XSS Vulnerability in October CMS Media Manager

CVE-2023-44383 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.

Learn more about our Web App Pen Testing.