CVE-2020-11083: Cross-site Scripting

July 14, 2020 (updated August 4, 2020)

In OctoberCMS, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field.

References

nvd.nist.gov/vuln/detail/CVE-2020-11083

Detect and mitigate CVE-2020-11083 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →