{"url":"http://public2.vulnerablecode.io/api/packages/60788?format=json","purl":"pkg:composer/october/october@1.0.475","type":"composer","namespace":"october","name":"october","version":"1.0.475","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.17","latest_non_vulnerable_version":"4.1.17","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57250?format=json","vulnerability_id":"VCID-1u23-49vh-a7cz","summary":"October CMS Allows Unprotected SVG Rename in Media Manager\nThis advisory affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulnerability allows an authenticated user to bypass this protection by uploading it with a permitted extension (for example, .jpg or .png) and later modifying it to the .svg extension.\n\nThis vulnerability assumes a trusted user will attack another trusted user and cannot be actively exploited without access to the administration panel and interaction from the other user.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51991","reference_id":"","reference_type":"","scores":[{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54778","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00313","scoring_system":"epss","scoring_elements":"0.54768","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-51991"},{"reference_url":"https://github.com/octobercms/october","reference_id":"","reference_type":"","scores":[{"value":"1.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51991","reference_id":"CVE-2024-51991","reference_type":"","scores":[{"value":"1.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-51991"},{"reference_url":"https://github.com/advisories/GHSA-96hh-8hx5-cpw7","reference_id":"GHSA-96hh-8hx5-cpw7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-96hh-8hx5-cpw7"},{"reference_url":"https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7","reference_id":"GHSA-96hh-8hx5-cpw7","reference_type":"","scores":[{"value":"1.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-05T18:06:02Z/"}],"url":"https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85048?format=json","purl":"pkg:composer/october/october@3.7.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.5"},{"url":"http://public2.vulnerablecode.io/api/packages/817550?format=json","purl":"pkg:composer/october/october@3.7.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.10"}],"aliases":["CVE-2024-51991","GHSA-96hh-8hx5-cpw7"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1u23-49vh-a7cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54154?format=json","vulnerability_id":"VCID-a3cc-swkj-cue8","summary":"October CMS vulnerable to Potential Host Header Poisoning on misconfigured servers\nWhen running on servers that are configured to accept a wildcard as a hostname (i.e. the server routes any request, regardless of the HOST header to an October CMS instance) the potential exists for Host Header Poisoning attacks to succeed. See the following resources for more information on Host Header Poisoning:\n- https://portswigger.net/web-security/host-header\n- https://dzone.com/articles/what-is-a-host-header-attack","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21265","reference_id":"","reference_type":"","scores":[{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66779","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66731","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0051","scoring_system":"epss","scoring_elements":"0.66772","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21265"},{"reference_url":"https://github.com/octobercms/library/commit/f29865ae3db7a03be7c49294cd93980ec457f10d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/library/commit/f29865ae3db7a03be7c49294cd93980ec457f10d"},{"reference_url":"https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/library/commit/f86fcbcd066d6f8b939e8fe897409d152b11c3c6"},{"reference_url":"https://github.com/octobercms/october/commit/555ab61f2313f45d7d5d138656420ead536c5d30","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october/commit/555ab61f2313f45d7d5d138656420ead536c5d30"},{"reference_url":"https://github.com/octobercms/october/commit/f638d3f78cfe91d7f6658820f9d5e424306a3db0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october/commit/f638d3f78cfe91d7f6658820f9d5e424306a3db0"},{"reference_url":"https://packagist.org/packages/october/backend","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/october/backend"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21265","reference_id":"CVE-2021-21265","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21265"},{"reference_url":"https://github.com/advisories/GHSA-xhfx-hgmf-v6vp","reference_id":"GHSA-xhfx-hgmf-v6vp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhfx-hgmf-v6vp"},{"reference_url":"https://github.com/octobercms/october/security/advisories/GHSA-xhfx-hgmf-v6vp","reference_id":"GHSA-xhfx-hgmf-v6vp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october/security/advisories/GHSA-xhfx-hgmf-v6vp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/79936?format=json","purl":"pkg:composer/october/october@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-196s-wgwr-kyd6"},{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-26wk-v39m-tue9"},{"vulnerability":"VCID-32np-fww5-sqgs"},{"vulnerability":"VCID-c9ym-e1xq-euah"},{"vulnerability":"VCID-dc1p-1k62-2ub6"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-jwc2-ypme-27f5"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.2"}],"aliases":["CVE-2021-21265","GHSA-xhfx-hgmf-v6vp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3cc-swkj-cue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110350?format=json","vulnerability_id":"VCID-dc1p-1k62-2ub6","summary":"October CMS upload process vulnerable to RCE via Race Condition\n### Impact\n\nThis advisory affects plugins that expose the `October\\Rain\\Database\\Attach\\File::fromData` as a public interface. This vulnerability does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally.\n\nWhen the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user can perform remote code execution (RCE) by exploiting a race condition in the temporary storage directory.\n\n### Patches\n\nThe issue has been patched in Build 476 (v1.0.476) and v1.1.12 and v2.2.15.\n\n### Workarounds\n\nApply https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83 to your installation manually if unable to upgrade to Build 476 (v1.0.476) or v1.1.12 or v2.2.15.\n\n### References\n\nCredits to:\n- DucNT, HungTD and GiangVQ from RedTeam@VNG Security Response Center.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n- Email us at [hello@octobercms.com](mailto:hello@octobercms.com)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24800","reference_id":"","reference_type":"","scores":[{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.8667","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86691","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02925","scoring_system":"epss","scoring_elements":"0.86692","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24800"},{"reference_url":"https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:41Z/"}],"url":"https://github.com/octobercms/library/commit/fe569f3babf3f593be2b1e0a4ae0283506127a83"},{"reference_url":"https://github.com/octobercms/october","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october"},{"reference_url":"https://github.com/octobercms/october/security/advisories/GHSA-8v7h-cpc2-r8jp","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:51:41Z/"}],"url":"https://github.com/octobercms/october/security/advisories/GHSA-8v7h-cpc2-r8jp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24800","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24800"},{"reference_url":"https://github.com/advisories/GHSA-8v7h-cpc2-r8jp","reference_id":"GHSA-8v7h-cpc2-r8jp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8v7h-cpc2-r8jp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/504035?format=json","purl":"pkg:composer/october/october@1.0.476","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.0.476"},{"url":"http://public2.vulnerablecode.io/api/packages/504036?format=json","purl":"pkg:composer/october/october@1.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/504037?format=json","purl":"pkg:composer/october/october@2.2.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@2.2.32"},{"url":"http://public2.vulnerablecode.io/api/packages/67956?format=json","purl":"pkg:composer/october/october@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-697s-34zx-1bet"},{"vulnerability":"VCID-8nzv-njt4-7kcy"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-j1jf-zq2p-xkg5"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.0.0"}],"aliases":["CVE-2022-24800","GHSA-8v7h-cpc2-r8jp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dc1p-1k62-2ub6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108765?format=json","vulnerability_id":"VCID-hk1m-fbhk-4khm","summary":"October CMS Safe Mode bypass leads to authenticated Remote Code Execution\n### Impact\n\nThis vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the \"Editor\" section, they can bypass the Safe Mode (`cms.safe_mode`) restriction to introduce new PHP code in a CMS template using a specially crafted request.\n\n### Patches\n\nThe issue has been patched in v2.2.34 and v3.0.66\n\n### References\n\nCredits to:\n\n-  David Miller\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Email us at [hello@octobercms.com](mailto:hello@octobercms.com)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35944","reference_id":"","reference_type":"","scores":[{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67674","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67626","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00532","scoring_system":"epss","scoring_elements":"0.67667","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-35944"},{"reference_url":"https://github.com/octobercms/october","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october"},{"reference_url":"https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:47:57Z/"}],"url":"https://github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35944","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-35944"},{"reference_url":"https://github.com/advisories/GHSA-x4q7-m6fp-4v9v","reference_id":"GHSA-x4q7-m6fp-4v9v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4q7-m6fp-4v9v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/504538?format=json","purl":"pkg:composer/october/october@2.2.34","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@2.2.34"},{"url":"http://public2.vulnerablecode.io/api/packages/504539?format=json","purl":"pkg:composer/october/october@3.0.74","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-697s-34zx-1bet"},{"vulnerability":"VCID-8nzv-njt4-7kcy"},{"vulnerability":"VCID-j1jf-zq2p-xkg5"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.0.74"}],"aliases":["CVE-2022-35944","GHSA-x4q7-m6fp-4v9v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hk1m-fbhk-4khm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55923?format=json","vulnerability_id":"VCID-sb7b-w5kw-2kcu","summary":"October allows an admin account to upload PDF containing malicious JavaScript\nOctober 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45962","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50692","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50684","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45962"},{"reference_url":"https://github.com/octobercms/october","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october"},{"reference_url":"https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T20:33:25Z/"}],"url":"https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45962","reference_id":"CVE-2024-45962","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"1.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45962"},{"reference_url":"https://github.com/advisories/GHSA-hxpp-g76m-qhvg","reference_id":"GHSA-hxpp-g76m-qhvg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hxpp-g76m-qhvg"}],"fixed_packages":[],"aliases":["CVE-2024-45962","GHSA-hxpp-g76m-qhvg"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sb7b-w5kw-2kcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89046?format=json","vulnerability_id":"VCID-tdpb-9bs6-w3gx","summary":"October CMS has Safe Mode Bypass via Twig Database Write Operations\nA vulnerability was identified in the Twig sandbox security policy that allowed database write operations when `cms.safe_mode` is enabled. Backend users with Developer permissions could use Twig template markup to execute insert, update, and delete operations on any database table through the query builder, which is included in the sandbox allow-list.\n\n### Impact\n- Arbitrary database writes including modification or deletion of any table\n- Requires authenticated backend access with Developer permissions\n- Only relevant when `cms.safe_mode` is enabled (otherwise direct PHP injection is already possible)\n\n### Patches\nThe vulnerability has been patched in v3.7.14 and v4.1.10. Write operations such as `insert`, `update`, `delete`, and `truncate` are now blocked on query builder and model objects within the Twig sandbox. All users are encouraged to upgrade to the latest patched version.\n\n### Workarounds\nIf upgrading immediately is not possible:\n- Restrict Developer tool access to fully trusted administrators only\n\n### Reporter\n- Reported by [Chris Alupului](https://github.com/neosprings)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26274","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22807","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22822","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-26274"},{"reference_url":"https://github.com/octobercms/october","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october"},{"reference_url":"https://github.com/octobercms/october/security/advisories/GHSA-h6jm-f4hh-fw27","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-21T19:16:28Z/"}],"url":"https://github.com/octobercms/october/security/advisories/GHSA-h6jm-f4hh-fw27"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26274","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-26274"},{"reference_url":"https://github.com/advisories/GHSA-h6jm-f4hh-fw27","reference_id":"GHSA-h6jm-f4hh-fw27","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6jm-f4hh-fw27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109969?format=json","purl":"pkg:composer/october/october@3.7.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@3.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/109970?format=json","purl":"pkg:composer/october/october@4.1.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@4.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/1039320?format=json","purl":"pkg:composer/october/october@4.1.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@4.1.17"}],"aliases":["CVE-2026-26274","GHSA-h6jm-f4hh-fw27"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdpb-9bs6-w3gx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42510?format=json","vulnerability_id":"VCID-196s-wgwr-kyd6","summary":"Improper Verification of Cryptographic Signature\nOctobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS does not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23655","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34002","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34117","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34102","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-23655"},{"reference_url":"https://github.com/octobercms/october","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october"},{"reference_url":"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:01Z/"}],"url":"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23655","reference_id":"CVE-2022-23655","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23655"},{"reference_url":"https://github.com/advisories/GHSA-53m6-44rc-h2q5","reference_id":"GHSA-53m6-44rc-h2q5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-53m6-44rc-h2q5"},{"reference_url":"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5","reference_id":"GHSA-53m6-44rc-h2q5","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:10:01Z/"}],"url":"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60788?format=json","purl":"pkg:composer/october/october@1.0.475","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-a3cc-swkj-cue8"},{"vulnerability":"VCID-dc1p-1k62-2ub6"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.0.475"},{"url":"http://public2.vulnerablecode.io/api/packages/60789?format=json","purl":"pkg:composer/october/october@1.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-dc1p-1k62-2ub6"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.11"}],"aliases":["CVE-2022-23655","GHSA-53m6-44rc-h2q5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-196s-wgwr-kyd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54031?format=json","vulnerability_id":"VCID-8g7k-gf7y-mubp","summary":"Insufficient Session Expiration\nAn issue was discovered in October through build It reactivates an old session ID (which had been invalid after a logout) once a new login occurs.","references":[{"reference_url":"https://anisiosantos.me/october-cms-token-reactivation","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://anisiosantos.me/october-cms-token-reactivation"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3311","reference_id":"","reference_type":"","scores":[{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81615","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81612","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01522","scoring_system":"epss","scoring_elements":"0.81583","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3311"},{"reference_url":"https://github.com/octobercms/library/commit/642f597489e6f644d4bd9a0c267e864cabead024","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/library/commit/642f597489e6f644d4bd9a0c267e864cabead024"},{"reference_url":"https://octobercms.com/forum/chan/announcements","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://octobercms.com/forum/chan/announcements"},{"reference_url":"https://packagist.org/packages/october/rain","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/october/rain"},{"reference_url":"http://cve.circl.lu/cve/CVE-2021-3311","reference_id":"CVE-2021-3311","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://cve.circl.lu/cve/CVE-2021-3311"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3311","reference_id":"CVE-2021-3311","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3311"},{"reference_url":"https://github.com/advisories/GHSA-7ggw-h8pp-r95r","reference_id":"GHSA-7ggw-h8pp-r95r","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7ggw-h8pp-r95r"},{"reference_url":"https://github.com/octobercms/october/security/advisories/GHSA-7ggw-h8pp-r95r","reference_id":"GHSA-7ggw-h8pp-r95r","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/octobercms/october/security/advisories/GHSA-7ggw-h8pp-r95r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60788?format=json","purl":"pkg:composer/october/october@1.0.475","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-a3cc-swkj-cue8"},{"vulnerability":"VCID-dc1p-1k62-2ub6"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.0.475"},{"url":"http://public2.vulnerablecode.io/api/packages/60184?format=json","purl":"pkg:composer/october/october@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-196s-wgwr-kyd6"},{"vulnerability":"VCID-1u23-49vh-a7cz"},{"vulnerability":"VCID-26wk-v39m-tue9"},{"vulnerability":"VCID-6wuq-x5uj-mfaq"},{"vulnerability":"VCID-a3cc-swkj-cue8"},{"vulnerability":"VCID-dc1p-1k62-2ub6"},{"vulnerability":"VCID-hk1m-fbhk-4khm"},{"vulnerability":"VCID-jwc2-ypme-27f5"},{"vulnerability":"VCID-sb7b-w5kw-2kcu"},{"vulnerability":"VCID-tdpb-9bs6-w3gx"},{"vulnerability":"VCID-xft1-5xxz-jfbp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.1.0"}],"aliases":["CVE-2021-3311","GHSA-7ggw-h8pp-r95r"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8g7k-gf7y-mubp"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/october/october@1.0.475"}