CVE-2020-4061 LOW

CVE-2020-4061: Cross-site Scripting in October

Potential self-XSS when pasting content from malicious websites

Vendor October Cms
Product October
Weakness CWE-79 · XSS
Published July 2, 2020
Last update August 4, 2024

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.

Key dates

02 Disclosure timeline

July 2, 2020 CVE published
August 4, 2024 Record updated