CVE-2015-5612

Published September 4th, 2015

View on NVD ↗

CVSS v3

N/A

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

octobercms/october

Self-hosted CMS platform based on the Laravel PHP Framework.

GitHub

11.1K