Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

OctoberCMS

Free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.
Collective - Host: opensource - https://opencollective.com/octobercms - Website: https://octobercms.com/ - Code: https://github.com/octobercms/october

Low
october: GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Ecosystems: packagist
Packages: october/system
Source: github
Published: 6 months ago
Low
october: GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
Ecosystems: packagist
Packages: october/system
Source: github
Published: 6 months ago
Moderate
october: GSA_kwCzR0hTQS1ydng4LXAzeHAtZmozcM4AA3a4
October CMS stored XSS by authenticated backend user with improper configuration
Ecosystems: packagist
Packages: october/system
Source: github
Published: about 1 year ago
Critical
october: GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: github
Published: about 1 year ago
Moderate
october: GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Ecosystems: packagist
Packages: october/system
Source: github
Published: about 1 year ago
High
october: GSA_kwCzR0hTQS14NHE3LW02ZnAtNHY5ds4AAvUA
October CMS Safe Mode bypass leads to authenticated Remote Code Execution
Ecosystems: packagist
Packages: october/system
Source: github
Published: about 2 years ago
High
october: GSA_kwCzR0hTQS04djdoLWNwYzItcjhqcM4AAtX7
October CMS upload process vulnerable to RCE via Race Condition
Ecosystems: packagist
Packages: october/system
Source: github
Published: over 2 years ago
Moderate
october: GSA_kwCzR0hTQS05aHE4LXYyamMtcWo0cs4AAdqt
October CMS XSS In Caption Tag of Profile
Ecosystems: packagist
Packages: october/october
Source: github
Published: over 2 years ago
High
october: GSA_kwCzR0hTQS12bTZyLTRwNHYtMjMyeM4AAQVx
October CMS CSRF
Ecosystems: packagist
Packages: october/october
Source: github
Published: over 2 years ago
Moderate
october: GSA_kwCzR0hTQS0zcDZjLTl4aG0tOHg3aM4AAQVR
October CMS XSS
Ecosystems: packagist
Packages: october/october
Source: github
Published: over 2 years ago
Critical
october: GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
October CMS File Upload Vulnerability
Ecosystems: packagist
Packages: october/october
Source: github
Published: over 2 years ago
Moderate
october: GSA_kwCzR0hTQS01M202LTQ0cmMtaDJxNc0uRQ
Missing server signature validation in OctoberCMS
Ecosystems: packagist
Packages: october/system
Source: github
Published: almost 3 years ago
High
october: GSA_kwCzR0hTQS03OWp3LTJmNDYtd3YyMs0uLg
Authenticated remote code execution in October CMS
Ecosystems: packagist
Packages: october/system
Source: github
Published: almost 3 years ago
High
october: GSA_kwCzR0hTQS01aGZqLXI3MjUtd3BjNM0jVg
october/system arbitrary code execution
Ecosystems: packagist
Packages: october/system
Source: github
Published: almost 3 years ago
High
october: GSA_kwCzR0hTQS13djIzLXBmajctMm1qas0jVw
October/System authenticated file write leads to remote code execution
Ecosystems: packagist
Packages: october/system
Source: github
Published: almost 3 years ago
High
october: GSA_kwCzR0hTQS02Z2pmLTd3OTktajd4N80WOA
Deleted Admin Can Sign In to Admin Interface
Ecosystems: packagist
Packages: october/system, october/october
Source: github
Published: about 3 years ago
High
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3NnItdmdmMy1qNnc1
October CMS auth bypass and account takeover
Ecosystems: packagist
Packages: october/system
Source: github
Published: over 3 years ago
High
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14cjUtbWM5Ny02M3Jj
Account Takeover in Octobercms
Ecosystems: packagist
Packages: october/system
Source: github
Published: over 3 years ago
Moderate
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjcjgtNnE3ci1tNHdn
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: github
Published: over 3 years ago
Low
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoZngtaGdtZi12NnZw
Potential Host Header Poisoning on misconfigured servers
Ecosystems: packagist
Packages: october/backend
Source: github
Published: almost 4 years ago
Critical
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnZ3ctaDhwcC1yOTVy
October CMS Session ID not invalidated after logout
Ecosystems: packagist
Packages: october/rain
Source: github
Published: almost 4 years ago
Low
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4OXYtY2d2Ny0zamh4
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: github
Published: about 4 years ago
Moderate
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0dnAtcm1xdi01ODc1
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Ecosystems: packagist
Packages: october/cms
Source: github
Published: about 4 years ago
High
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3anItNmZqNy1mYzZo
Local File Inclusion by unauthenticated users
Ecosystems: packagist
Packages: october/cms
Source: github
Published: about 4 years ago
Low
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Ecosystems: packagist
Packages: october/backend
Source: github
Published: about 4 years ago
Low
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmamMteHJtZi01dnZ3
Privilege escalation by backend users assigned to the default "Publisher" system role
Ecosystems: packagist
Packages: october/backend
Source: github
Published: about 4 years ago
Moderate
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1bW0tNTM5OS03cjYz
Reliance on Cookies without validation in OctoberCMS
Ecosystems: packagist
Packages: october/rain
Source: github
Published: over 4 years ago
Low
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Ecosystems: packagist
Packages: october/backend
Source: github
Published: over 4 years ago
Low
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Ecosystems: packagist
Packages: october/backend
Source: github
Published: over 4 years ago
Moderate
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3M3ctcjl4Zy03Y3I5
Use of insecure jQuery version in OctoberCMS
Ecosystems: packagist
Packages: october/system, october/october
Source: github
Published: over 4 years ago
Moderate
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyaG0tbTJmcC1oeDdx
Potential CSV Injection vector in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: github
Published: over 4 years ago
Moderate
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnNngteHg3OC00NDhj
Reflected XSS when importing CSV in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: github
Published: over 4 years ago
Low
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3MjItcnI2OC1yZnBn
Upload whitelisted files to any directory in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: github
Published: over 4 years ago
Moderate
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2NnYtZnZ2eC00OTMy
Arbitrary File Deletion vulnerability in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: github
Published: over 4 years ago
Moderate
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyM2YtYzJqNS1yeDJm
Local File read vulnerability in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: github
Published: over 4 years ago