October 3.6.30 allows an authenticated admin account to upload a PDF file containing malicious JavaScript into the target system. If the file is accessed through the website, it could lead to a Cross-Site Scripting (XSS) attack or execute arbitrary code via a crafted JavaScript to the target.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| october/october(Packagist) | 0 | N/A | N/A |
CVSS Metrics
