CVE-2024-25637 – october/system

Package

Manager: composer
Name: october/system
Vulnerable Version: >=3.2 <3.5.15

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00113 pctl0.305

Details

October System module has a Reflected XSS via X-October-Request-Handler Header ### Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. ### Patches This issue has been patched in v3.5.15. ### References Credits to: - [Mayank Mehra](mailto:mayankmehra54@gmail.com) ### For more information If you have any questions or comments about this advisory: * Email us at [hello@octobercms.com](mailto:hello@octobercms.com)

Metadata

Created: 2024-06-26T14:08:31Z
Modified: 2024-06-26T19:31:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-rjw8-v7rr-r563/GHSA-rjw8-v7rr-r563.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-rjw8-v7rr-r563
Finding: F008
Auto approve: 1