sromanhu/CVE-2023-43876-October-CMS-Reflected-XSS---Installation

Releases0

October CMS 3.4.16 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload in the installation process.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-43876 ↗	Sep 28, 2023Thursday, 28 September 2023, 15:15	5.4 MEDIUM	—
A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.