CVE-2017-1000193: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 13, 2022 (updated July 25, 2023)

October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim’s browser.

References

github.com/advisories/GHSA-3p6c-9xhm-8x7h
github.com/octobercms/october/compare/v1.0.412...v1.0.413
nvd.nist.gov/vuln/detail/CVE-2017-1000193

Detect and mitigate CVE-2017-1000193 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →