CVE-2023-25365: Unrestricted Upload of File with Dangerous Type

February 8, 2024 (updated February 15, 2024)

Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3

References

cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7
nvd.nist.gov/vuln/detail/CVE-2023-25365

Code Behaviors & Features

Detect and mitigate CVE-2023-25365 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →