october/backend Security Advisories for v1.0.467 (3)
-
[LOW] Potential Host Header Poisoning on misconfigured servers
PKSA-qdcz-hc2r-sgmp CVE-2021-21265 GHSA-xhfx-hgmf-v6vp
Affected version: <1.1.2
Reported by:
GitHub -
[LOW] Stored XSS by authenticated backend user with access to upload files
PKSA-pm3b-44t6-914w CVE-2020-15249 GHSA-fx3v-553x-3c4q
Affected version: >=1.0.319,<1.0.469
Reported by:
GitHub -
[LOW] Privilege escalation by backend users assigned to the default "Publisher" system role
PKSA-n1yr-6tth-9x9n CVE-2020-15248 GHSA-rfjc-xrmf-5vvw
Affected version: >=1.0.319,<1.0.470
Reported by:
GitHub