216.73.217.64

CVE-2024-25637

· Published 26/06/2024 16:15 · Modified 26/06/2024 16:15

Labels: CVE-2024-25637 2024-06-26CVE-2024-25637CWE-79[email protected]

Essential information

Published
26/06/2024 16:15
Modified
26/06/2024 16:15
Author
Creator
CVSS
3.1 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy interception tool. This issue has been patched in version 3.5.15.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References