CVE-2024-45962 Information

Description

October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.

Reference

https://grimthereaperteam.medium.com/october-cms-3-6-30-stored-xss-ddf2be7a226e