CVE-2017-1000193

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-1000193
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000193.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-1000193
Aliases
Published
2017-11-17T02:29:00.737Z
Modified
2026-04-10T03:54:37.016607Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser.

References

Affected packages

Git / github.com/octobercms/october

Affected ranges

Type
GIT
Repo
https://github.com/octobercms/october
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
982bc43348a4cff3f5ce824417c9439e5fb8bb34
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.412"
        }
    ]
}

Affected versions

v1.*
v1.0.319
v1.0.320
v1.0.321
v1.0.322
v1.0.323
v1.0.324
v1.0.325
v1.0.326
v1.0.327
v1.0.328
v1.0.329
v1.0.330
v1.0.331
v1.0.333
v1.0.334
v1.0.338
v1.0.340
v1.0.341
v1.0.342
v1.0.343
v1.0.344
v1.0.345
v1.0.346
v1.0.351
v1.0.352
v1.0.353
v1.0.354
v1.0.355
v1.0.356
v1.0.358
v1.0.359
v1.0.360
v1.0.361
v1.0.362
v1.0.363
v1.0.364
v1.0.365
v1.0.366
v1.0.367
v1.0.370
v1.0.371
v1.0.372
v1.0.373
v1.0.374
v1.0.375
v1.0.376
v1.0.377
v1.0.378
v1.0.379
v1.0.380
v1.0.381
v1.0.382
v1.0.383
v1.0.384
v1.0.385
v1.0.386
v1.0.387
v1.0.388
v1.0.389
v1.0.390
v1.0.391
v1.0.392
v1.0.393
v1.0.394
v1.0.395
v1.0.396
v1.0.397
v1.0.398
v1.0.399
v1.0.400
v1.0.401
v1.0.402
v1.0.403
v1.0.404
v1.0.405
v1.0.406
v1.0.407
v1.0.408
v1.0.409
v1.0.410
v1.0.411
v1.0.412

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000193.json"