october/rain Security Advisories (3)
-
[MEDIUM] OctoberCMS Cross-Site Scripting
PKSA-ybjk-32sz-v9ns CVE-2017-15284 GHSA-gvgf-fp4m-2hw6
Affected version: <1.0.426
Reported by:
GitHub -
[CRITICAL] October CMS Session ID not invalidated after logout
PKSA-gvvr-k6pk-nfpz CVE-2021-3311 GHSA-7ggw-h8pp-r95r
Affected version: >=1.1.0,<1.1.2|<1.0.472
Reported by:
GitHub -
[MEDIUM] Reliance on Cookies without validation in OctoberCMS
PKSA-sq51-nv4y-j4xf CVE-2020-15128 GHSA-55mm-5399-7r63
Affected version: >=1.0.319,<1.0.468
Reported by:
GitHub