Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/592829?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/592829?format=api", "purl": "pkg:composer/october/october@3.0.61", "type": "composer", "namespace": "october", "name": "october", "version": "3.0.61", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.17", "latest_non_vulnerable_version": "4.1.17", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356842?format=api", "vulnerability_id": "VCID-9n57-9sar-yyf3", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.4101", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41176", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44381" }, { "reference_url": "https://github.com/octobercms/october", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october" }, { "reference_url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october/security/advisories/GHSA-q22j-5r3g-9hmh" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44381", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44381" }, { "reference_url": "https://github.com/advisories/GHSA-q22j-5r3g-9hmh", "reference_id": "GHSA-q22j-5r3g-9hmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q22j-5r3g-9hmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394428?format=api", "purl": "pkg:composer/october/october@3.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jep1-ga9t-f3gr" }, { "vulnerability": "VCID-wz9u-6vry-yuhb" }, { "vulnerability": "VCID-ye2y-56tj-7yfq" }, { "vulnerability": "VCID-zr5a-scjq-s7df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.5.0" } ], "aliases": [ "CVE-2023-44381", "GHSA-q22j-5r3g-9hmh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9n57-9sar-yyf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/131366?format=api", "vulnerability_id": "VCID-jep1-ga9t-f3gr", "summary": "October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.7656", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0093", "scoring_system": "epss", "scoring_elements": "0.7663", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44383" }, { "reference_url": "https://github.com/octobercms/october", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44383", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44383" }, { "reference_url": "https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b", "reference_id": "b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:38:37Z/" } ], "url": "https://github.com/octobercms/october/commit/b7eed0bbf54d07ff310fcdc7037a8e8bf1f5043b" }, { "reference_url": "https://github.com/advisories/GHSA-rvx8-p3xp-fj3p", "reference_id": "GHSA-rvx8-p3xp-fj3p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvx8-p3xp-fj3p" }, { "reference_url": "https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p", "reference_id": "GHSA-rvx8-p3xp-fj3p", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:38:37Z/" } ], "url": "https://github.com/octobercms/october/security/advisories/GHSA-rvx8-p3xp-fj3p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394783?format=api", "purl": "pkg:composer/october/october@3.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-wz9u-6vry-yuhb" }, { "vulnerability": "VCID-ye2y-56tj-7yfq" }, { "vulnerability": "VCID-zr5a-scjq-s7df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.5.2" } ], "aliases": [ "CVE-2023-44383", "GHSA-rvx8-p3xp-fj3p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jep1-ga9t-f3gr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356843?format=api", "vulnerability_id": "VCID-ukrq-vdbv-m7h8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50726", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.5086", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-44382" }, { "reference_url": "https://github.com/octobercms/october", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october" }, { "reference_url": "https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october/security/advisories/GHSA-p8q3-h652-65vx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44382", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44382" }, { "reference_url": "https://github.com/advisories/GHSA-p8q3-h652-65vx", "reference_id": "GHSA-p8q3-h652-65vx", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p8q3-h652-65vx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/394428?format=api", "purl": "pkg:composer/october/october@3.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-jep1-ga9t-f3gr" }, { "vulnerability": "VCID-wz9u-6vry-yuhb" }, { "vulnerability": "VCID-ye2y-56tj-7yfq" }, { "vulnerability": "VCID-zr5a-scjq-s7df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.5.0" } ], "aliases": [ "CVE-2023-44382", "GHSA-p8q3-h652-65vx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukrq-vdbv-m7h8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35530?format=api", "vulnerability_id": "VCID-wz9u-6vry-yuhb", "summary": "October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulnerability allows an authenticated user to bypass this protection by uploading it with a permitted extension (for example, .jpg or .png) and later modifying it to the .svg extension. This vulnerability assumes a trusted user will attack another trusted user and cannot be actively exploited without access to the administration panel and interaction from the other user. This issue has been patched in v3.7.5.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51991", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54968", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54846", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51991" }, { "reference_url": "https://github.com/octobercms/october", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51991", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51991" }, { "reference_url": "https://github.com/advisories/GHSA-96hh-8hx5-cpw7", "reference_id": "GHSA-96hh-8hx5-cpw7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-96hh-8hx5-cpw7" }, { "reference_url": "https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7", "reference_id": "GHSA-96hh-8hx5-cpw7", "reference_type": "", "scores": [ { "value": "1.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T18:06:02Z/" } ], "url": "https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/378991?format=api", "purl": "pkg:composer/october/october@3.7.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/797383?format=api", "purl": "pkg:composer/october/october@3.7.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-zr5a-scjq-s7df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.10" } ], "aliases": [ "CVE-2024-51991", "GHSA-96hh-8hx5-cpw7" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wz9u-6vry-yuhb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167565?format=api", "vulnerability_id": "VCID-xevy-axzn-n7g1", "summary": "October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.6781", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00532", "scoring_system": "epss", "scoring_elements": "0.67721", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35944" }, { "reference_url": "https://github.com/octobercms/october", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35944", "reference_id": "CVE-2022-35944", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35944" }, { "reference_url": "https://github.com/advisories/GHSA-x4q7-m6fp-4v9v", "reference_id": "GHSA-x4q7-m6fp-4v9v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x4q7-m6fp-4v9v" }, { "reference_url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v", "reference_id": "GHSA-x4q7-m6fp-4v9v", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:57Z/" } ], "url": "https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/592831?format=api", "purl": "pkg:composer/october/october@3.0.74", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9n57-9sar-yyf3" }, { "vulnerability": "VCID-jep1-ga9t-f3gr" }, { "vulnerability": "VCID-ukrq-vdbv-m7h8" }, { "vulnerability": "VCID-wz9u-6vry-yuhb" }, { "vulnerability": "VCID-ye2y-56tj-7yfq" }, { "vulnerability": "VCID-zr5a-scjq-s7df" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.0.74" } ], "aliases": [ "CVE-2022-35944", "GHSA-x4q7-m6fp-4v9v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xevy-axzn-n7g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40623?format=api", "vulnerability_id": "VCID-ye2y-56tj-7yfq", "summary": "October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45962", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50729", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50863", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45962" }, { "reference_url": "https://github.com/octobercms/october", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45962", "reference_id": "CVE-2024-45962", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45962" }, { "reference_url": "https://github.com/advisories/GHSA-hxpp-g76m-qhvg", "reference_id": "GHSA-hxpp-g76m-qhvg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hxpp-g76m-qhvg" }, { "reference_url": "https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e", "reference_id": "october-cms-3-6-30-stored-xss-ddf2be7a226e", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" }, { "value": "1.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:33:25Z/" } ], "url": "https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e" } ], "fixed_packages": [], "aliases": [ "CVE-2024-45962", "GHSA-hxpp-g76m-qhvg" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye2y-56tj-7yfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70998?format=api", "vulnerability_id": "VCID-zr5a-scjq-s7df", "summary": "October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safe_mode is enabled. Backend users with Developer permissions could use Twig template markup to execute insert, update, and delete operations on any database table through the query builder, which is included in the sandbox allow-list. This vulnerability is fixed in 3.7.14 and 4.1.10.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26274", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22947", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00075", "scoring_system": "epss", "scoring_elements": "0.22751", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-26274" }, { "reference_url": "https://github.com/octobercms/october", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/octobercms/october" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26274", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26274" }, { "reference_url": "https://github.com/advisories/GHSA-h6jm-f4hh-fw27", "reference_id": "GHSA-h6jm-f4hh-fw27", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6jm-f4hh-fw27" }, { "reference_url": "https://github.com/octobercms/october/security/advisories/GHSA-h6jm-f4hh-fw27", "reference_id": "GHSA-h6jm-f4hh-fw27", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:16:28Z/" } ], "url": "https://github.com/octobercms/october/security/advisories/GHSA-h6jm-f4hh-fw27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373342?format=api", "purl": "pkg:composer/october/october@3.7.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/373343?format=api", "purl": "pkg:composer/october/october@4.1.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@4.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1023601?format=api", "purl": "pkg:composer/october/october@4.1.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@4.1.17" } ], "aliases": [ "CVE-2026-26274", "GHSA-h6jm-f4hh-fw27" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zr5a-scjq-s7df" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.0.61" }