octobercms/october

採点内訳

※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。

過去の SecurityAdvisory (20 件)

• LOWGHSA-jvwg-phxx-j3rpCVE-2026-291792026/4/21
  Editor Sub-Permission Bypass for Asset and Blueprint File Operations
• LOWGHSA-jj38-h5w5-mvpfCVE-2026-279372026/4/21
  Reflected XSS via DataTable Form Widget
• MEDIUMGHSA-h6jm-f4hh-fw27CVE-2026-262742026/4/21
  Safe Mode Bypass via Twig Database Write Operations
• MEDIUMGHSA-3888-q23f-x7qhCVE-2026-260672026/4/21
  Safe Mode Bypass via CSS Preprocessor Compilers
• MEDIUMGHSA-gcqv-f29m-67grCVE-2026-251332026/4/14
  Stored XSS via SVG Filter Bypass
• MEDIUMGHSA-g6v3-wv4j-x9hgCVE-2026-251252026/4/14
  Environment Variable Exfiltration via INI Parser Interpolation
• MEDIUMGHSA-6qmh-j78v-ffp7CVE-2026-249062026/4/14
  Stored XSS in Backend Editor Markup Classes
• MEDIUMGHSA-j4j5-9x6g-rgxcCVE-2026-249072026/4/14
  Stored XSS in Event Log Mail Preview
• MEDIUMGHSA-m5qg-jc75-4jp6CVE-2026-226922026/4/14
  Twig Sandbox Bypass via Collection Methods
• MEDIUMGHSA-wvpq-h33f-8rp6CVE-2025-616762026/1/9
  Stored XSS via Branding Styles
• MEDIUMGHSA-gxxc-m74c-f48xCVE-2025-616742026/1/9
  Stored XSS via Editor Settings
• LOWGHSA-96hh-8hx5-cpw7CVE-2024-519912025/5/3
  Unprotected SVG Rename in Media Manager
• LOWGHSA-rjw8-v7rr-r563CVE-2024-256372024/6/25
  Reflected XSS via X-October-Request-Handler Header
• LOWGHSA-v2vf-jv88-3fp5CVE-2024-247642024/6/25
  Open Redirect for Administrator Accounts
• LOWGHSA-rvx8-p3xp-fj3pCVE-2023-443832023/11/29
  Stored XSS by authenticated backend user with improper configuration
• MEDIUMGHSA-q22j-5r3g-9hmhCVE-2023-443812023/11/29
  Safe mode bypass using Page template injection
• MEDIUMGHSA-p8q3-h652-65vxCVE-2023-443822023/11/29
  Safe mode bypass using Twig sandbox escape
• MEDIUMGHSA-x4q7-m6fp-4v9vCVE-2022-359442022/10/13
  Safe Mode bypass leads to authenticated Remote Code Execution
• MEDIUMGHSA-8v7h-cpc2-r8jpCVE-2022-248002022/7/12
  RCE via race condition in upload process
• MEDIUMGHSA-53m6-44rc-h2q5CVE-2022-236552022/2/23
  Compromised gateway causes data breach