Lookup for vulnerable packages by Package URL.

Purl pkg:composer/october/october@1.1.1
Type composer
Namespace october
Name october
Version 1.1.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.1.17
Latest_non_vulnerable_version 4.1.17
Affected_by_vulnerabilities
0
url VCID-1b4g-vts2-akgy
vulnerability_id VCID-1b4g-vts2-akgy
summary October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory. This vulnerability affects plugins that expose the `October\Rain\Database\Attach\File::fromData` as a public interface and does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. The issue has been patched in Build 476 (v1.0.476), v1.1.12, and v2.2.15. Those who are unable to upgrade may apply the patch to their installation manually as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24800
reference_id
reference_type
scores
0
value 0.02925
scoring_system epss
scoring_elements 0.86714
published_at 2026-06-11T12:55:00Z
1
value 0.02925
scoring_system epss
scoring_elements 0.8677
published_at 2026-06-14T12:55:00Z
2
value 0.02925
scoring_system epss
scoring_elements 0.86763
published_at 2026-06-12T12:55:00Z
3
value 0.02925
scoring_system epss
scoring_elements 0.86773
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24800
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24800
reference_id CVE-2022-24800
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24800
3
reference_url https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83
reference_id fe569f3babf3f593be2b1e0a4ae0283506127a83
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:41Z/
url https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83
4
reference_url https://github.com/advisories/GHSA-8v7h-cpc2-r8jp
reference_id GHSA-8v7h-cpc2-r8jp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8v7h-cpc2-r8jp
5
reference_url https://github.com/octobercms/october/security/advisories/GHSA-8v7h-cpc2-r8jp
reference_id GHSA-8v7h-cpc2-r8jp
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:41Z/
url https://github.com/octobercms/october/security/advisories/GHSA-8v7h-cpc2-r8jp
fixed_packages
0
url pkg:composer/october/october@1.1.12
purl pkg:composer/october/october@1.1.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wz9u-6vry-yuhb
1
vulnerability VCID-xevy-axzn-n7g1
2
vulnerability VCID-ye2y-56tj-7yfq
3
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.12
1
url pkg:composer/october/october@2.2.32
purl pkg:composer/october/october@2.2.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-wz9u-6vry-yuhb
1
vulnerability VCID-xevy-axzn-n7g1
2
vulnerability VCID-ye2y-56tj-7yfq
3
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@2.2.32
2
url pkg:composer/october/october@3.0.0
purl pkg:composer/october/october@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9n57-9sar-yyf3
1
vulnerability VCID-jep1-ga9t-f3gr
2
vulnerability VCID-ukrq-vdbv-m7h8
3
vulnerability VCID-wz9u-6vry-yuhb
4
vulnerability VCID-xevy-axzn-n7g1
5
vulnerability VCID-ye2y-56tj-7yfq
6
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.0.0
aliases CVE-2022-24800, GHSA-8v7h-cpc2-r8jp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1b4g-vts2-akgy
1
url VCID-3yyx-eyk9-affj
vulnerability_id VCID-3yyx-eyk9-affj
summary octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32648
reference_id
reference_type
scores
0
value 0.93036
scoring_system epss
scoring_elements 0.99793
published_at 2026-06-13T12:55:00Z
1
value 0.93036
scoring_system epss
scoring_elements 0.99794
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32648
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32648
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32648
3
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-32648
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-32648
4
reference_url https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374
reference_id 016a297b1bec55d2e53bc889458ed2cb5c3e9374
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-06T19:37:19Z/
url https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374
5
reference_url https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9
reference_id 5bd1a28140b825baebe6becd4f7562299d3de3b9
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:H
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-06T19:37:19Z/
url https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9
6
reference_url https://github.com/advisories/GHSA-mxr5-mc97-63rc
reference_id GHSA-mxr5-mc97-63rc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mxr5-mc97-63rc
7
reference_url https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc
reference_id GHSA-mxr5-mc97-63rc
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-06T19:37:19Z/
url https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc
fixed_packages
0
url pkg:composer/october/october@1.1.5
purl pkg:composer/october/october@1.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-5f35-gkfm-ukbz
2
vulnerability VCID-95f4-rugd-3bcj
3
vulnerability VCID-bjzw-dghn-bkh5
4
vulnerability VCID-bkpy-2t48-q7d3
5
vulnerability VCID-wz9u-6vry-yuhb
6
vulnerability VCID-xevy-axzn-n7g1
7
vulnerability VCID-ye2y-56tj-7yfq
8
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.5
aliases CVE-2021-32648, GHSA-mxr5-mc97-63rc
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yyx-eyk9-affj
2
url VCID-5f35-gkfm-ukbz
vulnerability_id VCID-5f35-gkfm-ukbz
summary Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23655
reference_id
reference_type
scores
0
value 0.00142
scoring_system epss
scoring_elements 0.34291
published_at 2026-06-14T12:55:00Z
1
value 0.00142
scoring_system epss
scoring_elements 0.34286
published_at 2026-06-12T12:55:00Z
2
value 0.00142
scoring_system epss
scoring_elements 0.34109
published_at 2026-06-11T12:55:00Z
3
value 0.00142
scoring_system epss
scoring_elements 0.34311
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23655
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23655
reference_id CVE-2022-23655
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23655
3
reference_url https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a
reference_id e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:01Z/
url https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a
4
reference_url https://github.com/advisories/GHSA-53m6-44rc-h2q5
reference_id GHSA-53m6-44rc-h2q5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-53m6-44rc-h2q5
5
reference_url https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5
reference_id GHSA-53m6-44rc-h2q5
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:01Z/
url https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5
fixed_packages
0
url pkg:composer/october/october@1.1.11
purl pkg:composer/october/october@1.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-wz9u-6vry-yuhb
2
vulnerability VCID-xevy-axzn-n7g1
3
vulnerability VCID-ye2y-56tj-7yfq
4
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.11
aliases CVE-2022-23655, GHSA-53m6-44rc-h2q5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5f35-gkfm-ukbz
3
url VCID-6z5t-5uqr-wqgv
vulnerability_id VCID-6z5t-5uqr-wqgv
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21265
reference_id
reference_type
scores
0
value 0.0051
scoring_system epss
scoring_elements 0.66819
published_at 2026-06-11T12:55:00Z
1
value 0.0051
scoring_system epss
scoring_elements 0.66912
published_at 2026-06-12T12:55:00Z
2
value 0.0051
scoring_system epss
scoring_elements 0.66926
published_at 2026-06-13T12:55:00Z
3
value 0.0051
scoring_system epss
scoring_elements 0.66927
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21265
1
reference_url https://github.com/octobercms/library/commit/f29865ae3db7a03be7c49294cd93980ec457f10d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/library/commit/f29865ae3db7a03be7c49294cd93980ec457f10d
2
reference_url https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6
3
reference_url https://github.com/octobercms/october/commit/555ab61f2313f45d7d5d138656420ead536c5d30
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october/commit/555ab61f2313f45d7d5d138656420ead536c5d30
4
reference_url https://github.com/octobercms/october/commit/f638d3f78cfe91d7f6658820f9d5e424306a3db0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october/commit/f638d3f78cfe91d7f6658820f9d5e424306a3db0
5
reference_url https://github.com/octobercms/october/security/advisories/GHSA-xhfx-hgmf-v6vp
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october/security/advisories/GHSA-xhfx-hgmf-v6vp
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21265
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21265
7
reference_url https://packagist.org/packages/october/backend
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/october/backend
8
reference_url https://github.com/advisories/GHSA-xhfx-hgmf-v6vp
reference_id GHSA-xhfx-hgmf-v6vp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhfx-hgmf-v6vp
fixed_packages
0
url pkg:composer/october/october@1.1.2
purl pkg:composer/october/october@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-3yyx-eyk9-affj
2
vulnerability VCID-5f35-gkfm-ukbz
3
vulnerability VCID-95f4-rugd-3bcj
4
vulnerability VCID-bjzw-dghn-bkh5
5
vulnerability VCID-pvc8-z6uw-1yan
6
vulnerability VCID-wz9u-6vry-yuhb
7
vulnerability VCID-xevy-axzn-n7g1
8
vulnerability VCID-ye2y-56tj-7yfq
9
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.2
aliases CVE-2021-21265, GHSA-xhfx-hgmf-v6vp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6z5t-5uqr-wqgv
4
url VCID-95f4-rugd-3bcj
vulnerability_id VCID-95f4-rugd-3bcj
summary Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to their installation manually.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-21705
reference_id
reference_type
scores
0
value 0.70336
scoring_system epss
scoring_elements 0.98712
published_at 2026-06-12T12:55:00Z
1
value 0.70336
scoring_system epss
scoring_elements 0.98714
published_at 2026-06-14T12:55:00Z
2
value 0.70336
scoring_system epss
scoring_elements 0.98713
published_at 2026-06-13T12:55:00Z
3
value 0.70336
scoring_system epss
scoring_elements 0.98707
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-21705
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe
reference_id c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:38Z/
url https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-21705
reference_id CVE-2022-21705
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-21705
4
reference_url https://github.com/advisories/GHSA-79jw-2f46-wv22
reference_id GHSA-79jw-2f46-wv22
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-79jw-2f46-wv22
5
reference_url https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22
reference_id GHSA-79jw-2f46-wv22
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:55:38Z/
url https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22
fixed_packages
0
url pkg:composer/october/october@1.1.10
purl pkg:composer/october/october@1.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-5f35-gkfm-ukbz
2
vulnerability VCID-wz9u-6vry-yuhb
3
vulnerability VCID-xevy-axzn-n7g1
4
vulnerability VCID-ye2y-56tj-7yfq
5
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.10
1
url pkg:composer/october/october@2.1.27
purl pkg:composer/october/october@2.1.27
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-wz9u-6vry-yuhb
2
vulnerability VCID-xevy-axzn-n7g1
3
vulnerability VCID-ye2y-56tj-7yfq
4
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@2.1.27
aliases CVE-2022-21705, GHSA-79jw-2f46-wv22
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95f4-rugd-3bcj
5
url VCID-bjzw-dghn-bkh5
vulnerability_id VCID-bjzw-dghn-bkh5
summary October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32649
reference_id
reference_type
scores
0
value 0.005
scoring_system epss
scoring_elements 0.66515
published_at 2026-06-12T12:55:00Z
1
value 0.005
scoring_system epss
scoring_elements 0.66527
published_at 2026-06-14T12:55:00Z
2
value 0.005
scoring_system epss
scoring_elements 0.66529
published_at 2026-06-13T12:55:00Z
3
value 0.005
scoring_system epss
scoring_elements 0.66422
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32649
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26
reference_id 167b592eed291ae1563c8fcc5b9b34a03a300f26
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:55Z/
url https://github.com/octobercms/october/commit/167b592eed291ae1563c8fcc5b9b34a03a300f26
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32649
reference_id CVE-2021-32649
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32649
4
reference_url https://github.com/advisories/GHSA-wv23-pfj7-2mjj
reference_id GHSA-wv23-pfj7-2mjj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wv23-pfj7-2mjj
5
reference_url https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj
reference_id GHSA-wv23-pfj7-2mjj
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:55Z/
url https://github.com/octobercms/october/security/advisories/GHSA-wv23-pfj7-2mjj
fixed_packages
0
url pkg:composer/october/october@1.1.6
purl pkg:composer/october/october@1.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-5f35-gkfm-ukbz
2
vulnerability VCID-95f4-rugd-3bcj
3
vulnerability VCID-wz9u-6vry-yuhb
4
vulnerability VCID-xevy-axzn-n7g1
5
vulnerability VCID-ye2y-56tj-7yfq
6
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.6
aliases CVE-2021-32649, GHSA-wv23-pfj7-2mjj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjzw-dghn-bkh5
6
url VCID-hxtq-5jdy-zqh2
vulnerability_id VCID-hxtq-5jdy-zqh2
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21264
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10352
published_at 2026-06-11T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10403
published_at 2026-06-12T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10407
published_at 2026-06-13T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.10382
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21264
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://github.com/octobercms/october/security/advisories/GHSA-fcr8-6q7r-m4wg
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october/security/advisories/GHSA-fcr8-6q7r-m4wg
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21264
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21264
4
reference_url https://github.com/advisories/GHSA-fcr8-6q7r-m4wg
reference_id GHSA-fcr8-6q7r-m4wg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fcr8-6q7r-m4wg
fixed_packages
0
url pkg:composer/october/october@1.1.2
purl pkg:composer/october/october@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-3yyx-eyk9-affj
2
vulnerability VCID-5f35-gkfm-ukbz
3
vulnerability VCID-95f4-rugd-3bcj
4
vulnerability VCID-bjzw-dghn-bkh5
5
vulnerability VCID-pvc8-z6uw-1yan
6
vulnerability VCID-wz9u-6vry-yuhb
7
vulnerability VCID-xevy-axzn-n7g1
8
vulnerability VCID-ye2y-56tj-7yfq
9
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.2
aliases CVE-2021-21264, GHSA-fcr8-6q7r-m4wg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxtq-5jdy-zqh2
7
url VCID-pvc8-z6uw-1yan
vulnerability_id VCID-pvc8-z6uw-1yan
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-29487
reference_id
reference_type
scores
0
value 0.00503
scoring_system epss
scoring_elements 0.66554
published_at 2026-06-11T12:55:00Z
1
value 0.00503
scoring_system epss
scoring_elements 0.66647
published_at 2026-06-12T12:55:00Z
2
value 0.00503
scoring_system epss
scoring_elements 0.6666
published_at 2026-06-13T12:55:00Z
3
value 0.00503
scoring_system epss
scoring_elements 0.66659
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-29487
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://github.com/octobercms/october/security/advisories/GHSA-h76r-vgf3-j6w5
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october/security/advisories/GHSA-h76r-vgf3-j6w5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-29487
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-29487
4
reference_url https://github.com/advisories/GHSA-h76r-vgf3-j6w5
reference_id GHSA-h76r-vgf3-j6w5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h76r-vgf3-j6w5
fixed_packages
0
url pkg:composer/october/october@1.1.5
purl pkg:composer/october/october@1.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-5f35-gkfm-ukbz
2
vulnerability VCID-95f4-rugd-3bcj
3
vulnerability VCID-bjzw-dghn-bkh5
4
vulnerability VCID-bkpy-2t48-q7d3
5
vulnerability VCID-wz9u-6vry-yuhb
6
vulnerability VCID-xevy-axzn-n7g1
7
vulnerability VCID-ye2y-56tj-7yfq
8
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.5
aliases CVE-2021-29487, GHSA-h76r-vgf3-j6w5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvc8-z6uw-1yan
8
url VCID-wz9u-6vry-yuhb
vulnerability_id VCID-wz9u-6vry-yuhb
summary October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulnerability allows an authenticated user to bypass this protection by uploading it with a permitted extension (for example, .jpg or .png) and later modifying it to the .svg extension. This vulnerability assumes a trusted user will attack another trusted user and cannot be actively exploited without access to the administration panel and interaction from the other user. This issue has been patched in v3.7.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51991
reference_id
reference_type
scores
0
value 0.00109
scoring_system epss
scoring_elements 0.29042
published_at 2026-06-13T12:55:00Z
1
value 0.00117
scoring_system epss
scoring_elements 0.30327
published_at 2026-06-14T12:55:00Z
2
value 0.00313
scoring_system epss
scoring_elements 0.54968
published_at 2026-06-12T12:55:00Z
3
value 0.00313
scoring_system epss
scoring_elements 0.54846
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51991
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 1.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51991
reference_id
reference_type
scores
0
value 1.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51991
3
reference_url https://github.com/advisories/GHSA-96hh-8hx5-cpw7
reference_id GHSA-96hh-8hx5-cpw7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-96hh-8hx5-cpw7
4
reference_url https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7
reference_id GHSA-96hh-8hx5-cpw7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T18:06:02Z/
url https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7
fixed_packages
0
url pkg:composer/october/october@3.7.5
purl pkg:composer/october/october@3.7.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.5
1
url pkg:composer/october/october@3.7.10
purl pkg:composer/october/october@3.7.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.10
aliases CVE-2024-51991, GHSA-96hh-8hx5-cpw7
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wz9u-6vry-yuhb
9
url VCID-xevy-axzn-n7g1
vulnerability_id VCID-xevy-axzn-n7g1
summary October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request. The issue has been patched in versions 2.2.34 and 3.0.66.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35944
reference_id
reference_type
scores
0
value 0.00532
scoring_system epss
scoring_elements 0.67721
published_at 2026-06-11T12:55:00Z
1
value 0.00532
scoring_system epss
scoring_elements 0.6782
published_at 2026-06-14T12:55:00Z
2
value 0.00532
scoring_system epss
scoring_elements 0.67823
published_at 2026-06-13T12:55:00Z
3
value 0.00532
scoring_system epss
scoring_elements 0.6781
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35944
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35944
reference_id CVE-2022-35944
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35944
3
reference_url https://github.com/advisories/GHSA-x4q7-m6fp-4v9v
reference_id GHSA-x4q7-m6fp-4v9v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4q7-m6fp-4v9v
4
reference_url https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v
reference_id GHSA-x4q7-m6fp-4v9v
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:57Z/
url https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v
fixed_packages
0
url pkg:composer/october/october@2.2.34
purl pkg:composer/october/october@2.2.34
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@2.2.34
1
url pkg:composer/october/october@3.0.74
purl pkg:composer/october/october@3.0.74
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9n57-9sar-yyf3
1
vulnerability VCID-jep1-ga9t-f3gr
2
vulnerability VCID-ukrq-vdbv-m7h8
3
vulnerability VCID-wz9u-6vry-yuhb
4
vulnerability VCID-ye2y-56tj-7yfq
5
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.0.74
aliases CVE-2022-35944, GHSA-x4q7-m6fp-4v9v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xevy-axzn-n7g1
10
url VCID-ye2y-56tj-7yfq
vulnerability_id VCID-ye2y-56tj-7yfq
summary October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or the execution of arbitrary code against the target via crafted JavaScript.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45962
reference_id
reference_type
scores
0
value 0.0027
scoring_system epss
scoring_elements 0.50867
published_at 2026-06-14T12:55:00Z
1
value 0.0027
scoring_system epss
scoring_elements 0.50729
published_at 2026-06-11T12:55:00Z
2
value 0.0027
scoring_system epss
scoring_elements 0.5088
published_at 2026-06-13T12:55:00Z
3
value 0.0027
scoring_system epss
scoring_elements 0.50863
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45962
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45962
reference_id CVE-2024-45962
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45962
3
reference_url https://github.com/advisories/GHSA-hxpp-g76m-qhvg
reference_id GHSA-hxpp-g76m-qhvg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hxpp-g76m-qhvg
4
reference_url https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e
reference_id october-cms-3-6-30-stored-xss-ddf2be7a226e
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
1
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
2
value 1.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:33:25Z/
url https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e
fixed_packages
aliases CVE-2024-45962, GHSA-hxpp-g76m-qhvg
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ye2y-56tj-7yfq
11
url VCID-zr5a-scjq-s7df
vulnerability_id VCID-zr5a-scjq-s7df
summary October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations when cms.safe_mode is enabled. Backend users with Developer permissions could use Twig template markup to execute insert, update, and delete operations on any database table through the query builder, which is included in the sandbox allow-list. This vulnerability is fixed in 3.7.14 and 4.1.10.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-26274
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22937
published_at 2026-06-14T12:55:00Z
1
value 0.00075
scoring_system epss
scoring_elements 0.22751
published_at 2026-06-11T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.22958
published_at 2026-06-13T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.22947
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-26274
1
reference_url https://github.com/octobercms/october
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-26274
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-26274
3
reference_url https://github.com/advisories/GHSA-h6jm-f4hh-fw27
reference_id GHSA-h6jm-f4hh-fw27
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h6jm-f4hh-fw27
4
reference_url https://github.com/octobercms/october/security/advisories/GHSA-h6jm-f4hh-fw27
reference_id GHSA-h6jm-f4hh-fw27
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:16:28Z/
url https://github.com/octobercms/october/security/advisories/GHSA-h6jm-f4hh-fw27
fixed_packages
0
url pkg:composer/october/october@3.7.14
purl pkg:composer/october/october@3.7.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.14
1
url pkg:composer/october/october@4.1.10
purl pkg:composer/october/october@4.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@4.1.10
2
url pkg:composer/october/october@4.1.17
purl pkg:composer/october/october@4.1.17
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@4.1.17
aliases CVE-2026-26274, GHSA-h6jm-f4hh-fw27
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr5a-scjq-s7df
Fixing_vulnerabilities
0
url VCID-81u6-eenj-t7hw
vulnerability_id VCID-81u6-eenj-t7hw
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26231
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10416
published_at 2026-06-11T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10468
published_at 2026-06-12T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.1047
published_at 2026-06-13T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.10445
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26231
1
reference_url https://github.com/advisories/GHSA-94vp-rmqv-5875
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-94vp-rmqv-5875
2
reference_url https://github.com/octobercms/october/commit/d34fb8ab51108495a9a651b841202d935f4e12f7
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october/commit/d34fb8ab51108495a9a651b841202d935f4e12f7
3
reference_url https://github.com/octobercms/october/security/advisories/GHSA-r89v-cgv7-3jhx
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/octobercms/october/security/advisories/GHSA-r89v-cgv7-3jhx
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26231
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26231
5
reference_url https://github.com/advisories/GHSA-r89v-cgv7-3jhx
reference_id GHSA-r89v-cgv7-3jhx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r89v-cgv7-3jhx
fixed_packages
0
url pkg:composer/october/october@1.0.470
purl pkg:composer/october/october@1.0.470
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-5f35-gkfm-ukbz
2
vulnerability VCID-6z5t-5uqr-wqgv
3
vulnerability VCID-95f4-rugd-3bcj
4
vulnerability VCID-bjzw-dghn-bkh5
5
vulnerability VCID-hxtq-5jdy-zqh2
6
vulnerability VCID-wz9u-6vry-yuhb
7
vulnerability VCID-xevy-axzn-n7g1
8
vulnerability VCID-ye2y-56tj-7yfq
9
vulnerability VCID-yhrp-jd6w-syhp
10
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.0.470
1
url pkg:composer/october/october@1.1.1
purl pkg:composer/october/october@1.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1b4g-vts2-akgy
1
vulnerability VCID-3yyx-eyk9-affj
2
vulnerability VCID-5f35-gkfm-ukbz
3
vulnerability VCID-6z5t-5uqr-wqgv
4
vulnerability VCID-95f4-rugd-3bcj
5
vulnerability VCID-bjzw-dghn-bkh5
6
vulnerability VCID-hxtq-5jdy-zqh2
7
vulnerability VCID-pvc8-z6uw-1yan
8
vulnerability VCID-wz9u-6vry-yuhb
9
vulnerability VCID-xevy-axzn-n7g1
10
vulnerability VCID-ye2y-56tj-7yfq
11
vulnerability VCID-zr5a-scjq-s7df
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.1
aliases CVE-2020-26231, GHSA-r89v-cgv7-3jhx
risk_score 2.4
exploitability 0.5
weighted_severity 4.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81u6-eenj-t7hw
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.1